[S3.6] S3 general purpose bucket policies should restrict access to other AWS accounts
- Contextual name: [S3.6] S3 general purpose bucket policies should restrict access to other AWS accounts
- ID: /frameworks/aws-fsbp-v1.0.0/s3/06
- Located in: Simple Storage Service (S3)
Description
Implementing least privilege access is fundamental to reducing security risk and the impact of errors or malicious intent. If an S3 bucket policy allows access from external accounts, it could result in data exfiltration by an insider threat or an attacker.
The blacklistedactionpatterns parameter allows for successful evaluation of the rule for S3 buckets. The parameter grants access to external accounts for action patterns that are not included in the blacklistedactionpatterns list.
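The evaluation described above can be sketched as follows. This is an added example, not code from this page or from AWS: the account IDs, the sample policy, the pattern list and all function names are constructed for illustration, and NotPrincipal, NotAction and Condition are not evaluated.

```python
import fnmatch
import re

# Constructed sample inputs for this example (not taken from the page).
OWNER = "111122223333"
BLACKLISTED = ["s3:PutBucketPolicy", "s3:DeleteBucketPolicy", "s3:PutObjectAcl"]
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerAdmin", "Effect": "Allow", "Action": "s3:*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/admin"},
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "PartnerRead", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerWrite", "Effect": "Allow", "Action": ["s3:Put*"],
     "Principal": {"AWS": ["444455556666"]},
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_external(principal, owner):
    # "*" covers every account, so this example counts it as external.
    m = re.fullmatch(r"(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?", principal)
    return principal == "*" or (m is not None and m.group(1) != owner)

def _overlaps(granted, pattern):
    # IAM action names are case-insensitive; either side may hold wildcards.
    g, p = granted.lower(), pattern.lower()
    return fnmatch.fnmatchcase(p, g) or fnmatch.fnmatchcase(g, p)

def external_blacklisted_grants(policy, owner, blacklisted):
    """Return (sid, principal, action) for each Allow that gives a principal
    outside `owner` an action overlapping a blacklisted pattern."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        principal = stmt["Principal"]
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for who in (p for p in aws if _is_external(p, owner)):
            for action in _as_list(stmt.get("Action", [])):
                if any(_overlaps(action, b) for b in blacklisted):
                    findings.append((stmt.get("Sid"), who, action))
    return findings

if __name__ == "__main__":
    print(external_blacklisted_grants(POLICY, OWNER, BLACKLISTED))
```

Only the PartnerWrite statement is reported: the wildcard s3:Put* granted to the other account covers blacklisted actions, while the external read grant and the owner's own s3:* are outside the check.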
Similar
- AWS Security Hub
- Internal
- ID: dec-c-75aac192
- ID:
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
NIST SP 800-53 Revision 5 → CA-9(1) Internal System Connections _ Compliance Checks | 15 | |||
NIST SP 800-53 Revision 5 → CM-2 Baseline Configuration | 7 | 13 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|