AWS S3 Block Public Access was disabled for a bucket
ID:aws_s3_bucket_public_block_disabled
Data type:AWS CloudTrail
Severity:
Informational
MITRE ATT&CK:TA0005:T1562
Description
AlphaSOC has detected that AWS S3 Block Public Access has been disabled for an account or a bucket. Public access to S3 buckets can expose sensitive data to unauthorized users and potentially lead to data breaches.
Impact
Allowing public access to S3 buckets can have serious consequences for data security and privacy. It can also lead to increased costs, as AWS charges fees for retrieving data from S3 buckets. Depending on the policy, unauthorized individuals may be able to read, modify, or delete sensitive information stored in the bucket, which could lead to data leaks or the distribution of harmful content.
Severity
Severity | Condition |
---|---|
Informational | AWS S3 Block Public Access has been disabled |
Investigation and Remediation
Review the S3 bucket contents to assess potential data exposure. If Block Public Access wasn't disabled intentionally, re-enable it.
Known False Positives
- Public access granted for legitimate file sharing purposes