💼 [S3.6] S3 general purpose bucket policies should restrict access to other AWS accounts
- ID: /frameworks/aws-fsbp-v1.0.0/s3/06
Description
Implementing least privilege access is fundamental to reducing security risk and the impact of errors or malicious intent. If an S3 bucket policy allows access from external accounts, it could result in data exfiltration by an insider threat or an attacker.
The blacklistedactionpatterns parameter allows for successful evaluation of the rule for S3 buckets. Access granted to external accounts is allowed for action patterns that are not included in the blacklistedactionpatterns list.
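The evaluation described above can be approximated offline against a bucket policy document. The following is an added example, not the control's own implementation or code from this page: it flags Allow statements that give a principal outside the bucket owner's account an action overlapping a blacklisted pattern. The pattern list, the account IDs, the sample policy and the function names are assumptions made for the example, and Condition, NotAction and NotPrincipal are not evaluated.

```python
import re
from fnmatch import fnmatchcase

# Sample pattern list chosen for this example; the page does not list one.
BLACKLISTED = ["s3:DeleteBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketPolicy",
               "s3:PutEncryptionConfiguration", "s3:PutObjectAcl"]
ACCOUNT = re.compile(r"(\d{12})|arn:aws[\w-]*:(?:iam|sts)::(\d{12}):.+")

def as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def external_principals(principal, owner):
    """AWS principals outside the owner account; unparseable ones count as external."""
    if principal == "*":
        return ["*"]
    if not isinstance(principal, dict):
        return []
    return [p for p in as_list(principal.get("AWS"))
            if not (m := ACCOUNT.fullmatch(p)) or (m[1] or m[2]) != owner]

def overlaps(action, pattern):
    """True if a policy action and a blacklisted pattern can name the same API."""
    a, b = action.lower(), pattern.lower()  # IAM action names are case-insensitive
    return fnmatchcase(b, a) or fnmatchcase(a, b)

def findings(policy, owner, blacklisted=BLACKLISTED):
    """(Sid, external principals, risky actions) for each offending Allow statement."""
    out = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        who = external_principals(stmt.get("Principal"), owner)
        risky = sorted({a for a in as_list(stmt.get("Action"))
                        for b in blacklisted if overlaps(a, b)})
        if who and risky:
            out.append((stmt.get("Sid", ""), who, risky))
    return out

# Constructed sample: owner account 111122223333, partner account 444455556666.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerRead", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"}},
    {"Sid": "PartnerAdmin", "Effect": "Allow", "Action": "s3:Put*",
     "Principal": {"AWS": "444455556666"}},
    {"Sid": "OwnerAdmin", "Effect": "Allow", "Action": "s3:*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/admin"}}]}

if __name__ == "__main__":
    print(findings(SAMPLE, "111122223333"))
```

Only the PartnerAdmin statement is reported for the sample: the external read grant matches no blacklisted pattern, and the wildcard grant belongs to the owner account.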
Similar
- AWS Security Hub
- Internal
- ID: dec-c-75aac192
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks | 25 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration | 7 | 29 | no data |