Why should AWS S3 buckets not be publicly accessible?

Publicly Accessible AWS S3 Buckets - Cloud Security

Cloud security is a priority for most IT organizations. They want their cloud infrastructure to reach a strong security level so they can deploy data and resources and focus on their business rather than worrying about security threats. S3 is the object storage service provided by Amazon Web Services, and some remediation steps are necessary to secure the data stored in your AWS S3 buckets.

Why should AWS S3 buckets not be publicly accessible?

Users control who can reach an S3 bucket through three settings: the bucket policy, the bucket and object ACLs, and the Block Public Access configuration at the bucket or account level. AWS S3 buckets should not be publicly accessible. A bucket is publicly accessible when its policy or ACL grants access to an anonymous principal (a "*" principal in the policy, or the AllUsers group in the ACL), which means anyone on the internet, not only other AWS users, can list or read the data stored in it. A grant to the AuthenticatedUsers group is effectively public as well, because that group is every AWS account in the world, not the accounts in your organization. Either kind of grant can lead to data exposure or misuse, and a common failure mode is that the bucket owner is unaware that a bucket is public and that it holds data which was never supposed to be shared.
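The following script is an added example and is not Centilytics code or an AWS library. It reads the three documents described above offline and reports why a bucket is public: wildcard-principal statements in the bucket policy, AllUsers/AuthenticatedUsers grants in the ACL, and whether the Block Public Access flags override them. The policy, ACL and Block Public Access documents are constructed samples in the shapes returned by `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`; the bucket name, canonical user ID and VPC endpoint ID are placeholders, and the rule that any Condition on a wildcard grant makes it non-public is a simplification stated in the code.

```python
"""Offline review of the S3 controls that make a bucket public.

Constructed sample documents (not real buckets): the bucket name,
canonical user ID and VPC endpoint ID below are placeholders."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (anonymous / any AWS account)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy):
    """Sids of Allow statements that grant a wildcard principal with no Condition.

    Simplification (assumption of this example): AWS treats a wildcard grant
    scoped by certain condition keys (aws:SourceVpce, aws:PrincipalOrgID,
    aws:SourceIp, ...) as non-public, so any Condition is taken as limiting."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    hits = []
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        hits.append(stmt.get("Sid", "statement[%d]" % i))
    return hits


def public_acl_grants(acl):
    """(group, permission) pairs for ACL grants to AllUsers or AuthenticatedUsers.

    AuthenticatedUsers is any AWS account, not your own users, so it is
    treated as public here, as AWS does."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in (ALL_USERS, AUTH_USERS):
            hits.append((uri.rsplit("/", 1)[1], grant["Permission"]))
    return hits


def bucket_is_public(policy=None, acl=None, public_access_block=None):
    """Combine the findings with the Block Public Access overrides.

    public_access_block is the PublicAccessBlockConfiguration dict.
    IgnorePublicAcls makes S3 ignore public ACL grants; RestrictPublicBuckets
    limits a bucket with a public policy to the owning account and AWS
    service principals, so neither setting leaves anonymous access open."""
    pab = public_access_block or {}
    policy_hits = public_policy_statements(policy) if policy else []
    acl_hits = public_acl_grants(acl) if acl else []
    if pab.get("RestrictPublicBuckets"):
        policy_hits = []
    if pab.get("IgnorePublicAcls"):
        acl_hits = []
    return bool(policy_hits or acl_hits), {"policy": policy_hits, "acl": acl_hits}


# --- constructed sample documents (placeholders, not real resources) -----
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # anonymous read of every object: public
            "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {   # wildcard principal but pinned to one VPC endpoint: not public
            "Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        },
    ],
}
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-CANONICAL-USER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-CANONICAL-USER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}
# The hardened setting: all four flags on. This is the document that
# `aws s3api put-public-access-block --public-access-block-configuration` takes.
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for label, pab in (("no Block Public Access", None), ("Block Public Access on", BLOCK_ALL)):
        print(label, bucket_is_public(SAMPLE_POLICY, SAMPLE_ACL, pab))
```

To run it against a real bucket, feed it the output of `aws s3api get-bucket-policy --bucket NAME --query Policy --output text`, `aws s3api get-bucket-acl --bucket NAME` and `aws s3api get-public-access-block --bucket NAME`. AWS's own verdict on the policy alone is available from `aws s3api get-bucket-policy-status --bucket NAME`, whose `PolicyStatus.IsPublic` field applies the full condition-key rules that this example only approximates.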

Need a clear understanding of Amazon S3? – read our insider piece.

Centilytics comes into play to ensure your cloud’s security posture

Centilytics lists all your S3 buckets and shows, for each one, whether it is publicly accessible. This insight lets you identify misconfigured S3 buckets and fix them from the AWS console.

Insight descriptions:

There can be 2 possible scenarios:

Severity Description
OK This indication is displayed when the corresponding AWS S3 bucket is not publicly accessible.
CRITICAL This indication is displayed when the corresponding S3 bucket is publicly accessible.

 

The remaining columns are described as follows:

  1. Account Id: This column shows the account ID of the user's AWS account.
  2. Account Name: This column shows the account name corresponding to the user's account.
  3. Region: This column shows the region in which the bucket exists.
  4. Bucket Name: This column shows the name of the bucket.
  5. Description: This column shows the description attached to the bucket.

 

Filters applicable:

Filter Name Description
Account Id Applying the account Id filter will display data for the selected account Id.
Region Applying region filter will display data according to the selected region.
Severity Applying the severity filter will display data according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same applies to the warning and OK severity types.

 

Compliances covered:

Compliance Name Reference No. Link
PCI 1.2.1, 1.3, 1.3.1, 1.3.2 https://docs.aws.amazon.com/quickstart/latest/compliance-pci/welcome.html
HIPAA 164.312(a)(1) https://aws.amazon.com/quickstart/architecture/compliance-hipaa/
ISO 27001 A.9.1.2, A.13.1.3, A.13.2.1, A.14.1.2 https://www.iso.org/standard/54534.html
NIST 800-53 SC-7, SI-4, CM-2, CM-6 https://docs.aws.amazon.com/quickstart/latest/compliance-nist/welcome.html

 

Read more:

[1] https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html
