Storage Containers Permissions Check

This bot identifies storage containers such as AWS S3 buckets that have read, write, or delete permissions open to the world. Running buckets with this type of access policy can result in data loss, exposure, and potentially downtime in the case of static website hosting.

Recommended Action

Tailor access list control permissions to the minimum level of access required. Typically only static websites should be open to the world and all other buckets should be locked down to authorized stakeholders.

Severity

High

Resource Types Inspected

Storage Container

Reactive Hookpoints

resource.created resource.modified