Changelog

2 years ago

Update to Rules - S3 Buckets Should Not Be Publicly Open

Stax has changed how Rules relating to S3 buckets being publicly open are evaluated by including the FULL_CONTROL is not granted to groups AllUsers or AllAuthenticatedUsers check.

If you observe buckets that were previously compliant now showing as non-compliant, it is likely due to the stricter requirement for the bucket to meet the additional control described above. For more information and remediation, visit S3 Buckets shouldn't be Publicly Open.

Impacted Rule Name
Impacted Bundles
  • S3 Best Practices, version 1.0 & 1.1
  • Organization
S3 Buckets should not be Publicly Open for Reads
  • S3 Best Practices, version 1.0 & 1.1
  • Organization
S3 Buckets should not be Publicly Open for Reads and Writes
(Previously: S3 Buckets should not be Publicly Open)
  • S3 Best Practices, version 1.0 & 1.1
  • Organization
S3 Buckets should not be Publicly Open for Writes
  • S3 Best Practices, version 1.0 & 1.1
  • Organization
S3 Buckets should not be publicly open for read operations
  • Public Exposure, version 1.0
S3 Buckets should not be publicly open for read and write operations
(Previously: S3 Buckets should not be publicly open)
  • Public Exposure, version 1.0