S3 permissions - Security Hub wants no public read, so suggestions?

0

Starting to utilize the Security Hub feature, and it is saying that "S3.2 S3 buckets should prohibit public read access".

So we use S3 for a lot of images, most of them already in CloudFront, but when I turn off public access, even CloudFront fails. The recommendation is really no help, it just says to turn it off, so I am trying to figure out the best practice to roll out to all our S3 buckets.

As I said, most are images that go to CloudFront; there are some other uses that I can look at, but I want to get those resolved in Security Hub and still allow the images to work.

Thanks.

1 answer
0

The S3.2 policy evaluates not only the Block Public Access setting, but the bucket policy and the bucket ACL.

You will need to configure an Origin Access Identity (OAI) on your S3 bucket(s) so they only serve content via CloudFront (if you have not already done so). Take a look at this article + video guide.

AWS
answered 2 years ago
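To make the answer concrete, here is an added example (not from the original post or from AWS) showing the OAI-scoped bucket policy the answer describes, next to a simplified check for the public-read statements that trip S3.2. The bucket name and OAI ID are constructed placeholders; the check only looks at the bucket policy, ignoring ACLs, Block Public Access settings and Condition blocks.

```python
# Constructed placeholder identifiers; replace with your own.
BUCKET = "example-image-bucket"
OAI_ID = "E1EXAMPLEOAI"  # placeholder CloudFront origin access identity ID


def oai_only_policy(bucket: str, oai_id: str) -> dict:
    """Bucket policy that lets only the CloudFront OAI read objects.

    Combined with S3 Block Public Access and no public ACL, the bucket no
    longer has public read access, yet CloudFront can still fetch images.
    """
    oai_arn = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": oai_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def public_read_statements(policy: dict) -> list:
    """Return Sids of Allow statements granting object reads to everyone.

    Simplified version of the bucket-policy part of the S3.2 check;
    Condition blocks that might narrow access are deliberately ignored.
    """
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        is_public = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"])
        )
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        reads = any(a in ("s3:*", "*") or a.startswith("s3:Get") for a in actions)
        if is_public and reads:
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits


# Constructed example of the usual "public images" policy that trips S3.2.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicReadForImages", "Effect": "Allow",
                   "Principal": "*", "Action": "s3:GetObject",
                   "Resource": f"arn:aws:s3:::{BUCKET}/*"}],
}
```

Running `public_read_statements` over both policies flags the public one and passes the OAI-only one.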
