S3 permissions - Security Hub wants no public read, so suggestions?

0

Starting to utilize the Security Hub feature, and it is saying that "S3.2 S3 buckets should prohibit public read access".

So we use S3 for a lot of images, most of them already in CloudFront, but when I turn off public access, even CloudFront fails. The recommendation is really no help, it just says to turn it off, so I am trying to figure out the best practice to roll out to all our S3 buckets.

As I said, most are images that go to CloudFront. There are some other uses that I can look at, but I want to get those resolved in Security Hub and still allow the images to work.

Thanks.

1 answer
0

The S3.2 policy evaluates not only the Block Public Access setting, but the bucket policy and the bucket ACL.

You will need to configure Origin Access Identity (OAI) on your S3 Bucket(s) so they only serve content via CloudFront (if not already done so). Take a look at this article + video guide.

AWS
answered 2 years ago
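The answer above describes the fix in words; the following added example (not from the original post or from AWS) shows what it looks like in practice. It builds the OAI-only bucket policy for an S3 origin and includes a small checker that flags the kind of wildcard-principal "Allow" statement that trips S3.2. The bucket name `example-images` and the OAI ID `E1234567890ABC` are constructed placeholders; the check is deliberately stricter than AWS's own public-policy evaluation, which lets certain condition keys scope a wildcard principal.

```python
import json

# Constructed "before" policy: the classic public-read statement that
# Security Hub control S3.2 reports as a finding.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-images/*",
        }
    ],
}


def oai_bucket_policy(bucket, oai_id):
    """Bucket policy that lets only a CloudFront Origin Access Identity read
    objects. The OAI principal ARN format is the one CloudFront uses; the
    bucket and OAI ID values are whatever you pass in."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontOAIReadOnly",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::cloudfront:user/"
                    f"CloudFront Origin Access Identity {oai_id}"
                },
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
            }
        ],
    }


def _principals(statement):
    """Flatten the Principal element into a list of principal strings."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        flat = []
        for value in principal.values():
            flat.extend(value if isinstance(value, list) else [value])
        return flat
    return []


def public_read_statements(policy):
    """Return Sids (or positional labels) of Allow statements that grant object
    read to a wildcard principal. Stricter than AWS's evaluation: a Condition
    block does not rescue the statement here."""
    read_actions = {"s3:getobject", "s3:get*", "s3:*", "*"}
    findings = []
    for index, statement in enumerate(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        actions = statement.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a.lower() in read_actions for a in actions):
            continue
        if "*" in _principals(statement):
            findings.append(statement.get("Sid", f"Statement[{index}]"))
    return findings


if __name__ == "__main__":
    print("public statements in old policy:", public_read_statements(PUBLIC_READ_POLICY))
    fixed = oai_bucket_policy("example-images", "E1234567890ABC")
    print("public statements in OAI policy:", public_read_statements(fixed))
    print(json.dumps(fixed, indent=2))
```

Once the CloudFront distribution's S3 origin is configured to use the same OAI, the generated document can be applied with `aws s3api put-bucket-policy --bucket example-images --policy file://policy.json`, after which Block Public Access can be enabled on the bucket (`aws s3api put-public-access-block`) without breaking CloudFront, because the OAI principal is not a public one. Remember that S3.2 also looks at the bucket ACL, so any `public-read` object or bucket ACL still has to go.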
