💼 [S3.12] ACLs should not be used to manage user access to S3 general purpose buckets
- ID:
/frameworks/aws-fsbp-v1.0.0/s3/12
Description​
ACLs are legacy access control mechanisms that predate IAM. Instead of ACLs, we recommend using S3 bucket policies or AWS Identity and Access Management (IAM) policies to manage access to your S3 buckets.
Similar​
- AWS Security Hub
- Internal
- ID:
dec-c-dfd02461
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management | 4 | 27 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement | 15 | 5 | 59 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control | 31 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 22 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege | 10 | 23 | 72 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|