Skip to main content

An AWS S3 bucket was modified to allow public access

ID:aws_s3_bucket_public
Data type:AWS CloudTrail
Severity:
Low
MITRE ATT&CK:TA0010:T1537

Description

AlphaSOC detected that an AWS S3 bucket has been modified to allow public access. Public access to S3 buckets can expose sensitive data to unauthorized users and potentially lead to data breaches.

Impact

Allowing public access to S3 buckets can have serious consequences for data security and privacy. It can also lead to increased costs, as AWS charges fees for retrieving data from S3 buckets. Depending on the policy, unauthorized individuals may be able to read, modify, or delete sensitive information stored in the bucket, which could lead to data leaks or the distribution of harmful content.

Severity

SeverityCondition
Low
AWS S3 bucket has been made public

Investigation and Remediation

Review the bucket's contents to assess potential data exposure. If public access wasn't granted intentionally, revoke it or use S3 Block Public Access feature.

Known False Positives

  • Public access granted for legitimate file sharing purposes

Further Reading