Every Organization wants to focus on their business rather than getting worried about security threat looming around their cloud resources. Most users deploy their maximum workload on S3 buckets. It is necessary to follow certain recommendations for AWS S3 and S3 bucket permissions which ensure the security of their bucket data.
AWS S3 bucket permissions for data storage security
The resource owner and the AWS account who creates S3 buckets have all the permissions to access the objects stored within those buckets. It is recommended not to grant upload/delete permission to just any AWS user or resource. Granting these permissions allows any unauthorized AWS user to upload any file or delete any file in the S3 bucket. This can increase the probability of data misuse or other security attacks.
There can be a possibility where the users have numerous buckets in their cloud infrastructure and there might exist a couple of buckets containing sensitive data and having such permissions enabled for all unauthorized users. The user might not be aware of such buckets.
Centilytics has a dedicated insight for AWS S3 bucket permissions. This insight lists down all your buckets having upload/delete permissions enabled for AWS users. It, therefore, helps the users to take necessary actions and change permissions for their S3 buckets.
Insight descriptions:
There can be 2 possible scenarios:
| Severity | Description |
 WARNING |
This indication will be displayed when the corresponding S3 bucket has list access for any authenticated AWS user. Or if the bucket allows any kind of open access. Or if the bucket permission cannot be determined. |
 CRITICAL |
This indication will be displayed when the corresponding S3 bucket has upload/delete permission for everyone or for any authenticated AWS user. |
Description of further columns are as follows:
- Account Id: This column Shows the respective account ID of the user’s account.
- Account Name: This column shows the corresponding account name to the user’s account.
- Region: This column shows the region in which the bucket exists.
- Identifier: This column shows the corresponding bucket name.
- Permissions: This column shows the permissions corresponding to the S3 bucket.
Filters applicable:
| Filter Name | Description |
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data according to the selected region. |
| Severity | Applying severity filter will display data according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for Warning and Ok severity types |
Compliances covered:
| Compliance Name | Reference No. | Link |
| Trusted Advisor | – | https://console.aws.amazon.com/trustedadvisor/home?#/category/security |