S3 permissions granted to other AWS accounts in bucket policies should be restricted

Question

Can anyone please help how to fix this security alert " S3 permissions granted to other AWS accounts in bucket policies should be restricted " Step by Step procedure to fix.

I tired the below AWS remediation steps , I am struck on 5 & 6 which I have marked **

Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
In the Bucket name list, choose the name of the S3 bucket for which you want to edit the policy.
Choose Permissions, and then choose Bucket Policy.
In the Bucket policy editor text box, do one of the following:
**Remove the statements that grant access to denied actions to other AWS accounts
Remove the permitted denied actions from the statements**
Choose Save.

Thanks

Answer

in AWS Management Account (also called root account) - you can leverage Service Control Policies (SCPs) to add a policy that meets a specific compliance policy.

Use this link to find out exactly how to create a specific SCP and apply to your organization : https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Answer

Yes,  i gone through SCP but Sorry i am still confused what to do ?

S3 permissions granted to other AWS accounts in bucket policies should be restricted

相關內容