S3 permissions granted to other AWS accounts in bucket policies should be restricted
Can anyone please help how to fix this security alert " S3 permissions granted to other AWS accounts in bucket policies should be restricted " Step by Step procedure to fix.
I tired the below AWS remediation steps , I am struck on 5 & 6 which I have marked **
Open the Amazon S3 console at https://console.aws.amazon.com/s3/. In the Bucket name list, choose the name of the S3 bucket for which you want to edit the policy. Choose Permissions, and then choose Bucket Policy. In the Bucket policy editor text box, do one of the following: Remove the statements that grant access to denied actions to other AWS accounts Remove the permitted denied actions from the statements Choose Save.
Thanks
in AWS Management Account (also called root account) - you can leverage Service Control Policies (SCPs) to add a policy that meets a specific compliance policy.
Use this link to find out exactly how to create a specific SCP and apply to your organization : https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Yes, i gone through SCP but Sorry i am still confused what to do ?
Relevant questions
S3 Bucket Security
asked 7 months agoS3 Bucket cannot be reached in GroundTruth Labeling
asked 3 months agoCan not select multiple S3 bucket from Security & permissions page
asked a year agoCreate User to Use S3 API with Restricted Permissions
Accepted Answerasked 2 months agoS3 permissions STS assume role bucket to bucket copy
Accepted Answerasked 5 years agoS3 permissions granted to other AWS accounts in bucket policies should be restricted
asked a month agoYou don't have permissions to edit bucket policy
asked a year agoCorrect process for configuring S3 bucket so ONLY Cloudfront can access?
asked 3 years agoDiplay pictures stored in s3 to web page
Accepted Answerasked 3 years agoTrying to share an S3 bucket across accounts using 'aws:PrincipalOrgPaths', how to debug?
asked 21 days ago