Check: CKV2_AWS_65: "Ensure access control lists for S3 buckets are disabled"
FAILED for resource: module.bastion.aws_s3_bucket_ownership_controls.session_logs_bucket
File: /s3-buckets.tf:29-38
What about S3 ACLs?
An S3 ACL is a sub-resource that’s attached to every S3 bucket and object. It defines which AWS accounts or groups are granted access and the type of access. You can attach S3 ACLs to both buckets and individual objects within a bucket to manage permissions for those objects. As a general rule, AWS recommends that you use S3 bucket policies or IAM policies for access control. S3 ACLs are a legacy access control mechanism that predates IAM. By default, object ownership is set to the bucket owner enforced setting, and all ACLs are disabled, as can be seen in Figure 1.
Checkov throwing this error
We should be moving away from bucket ACLs according to AWS and moving to IAM/Bucket policies
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
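An added example, not part of the original issue or the module's own code: a Terraform sketch of the change the check asks for, with the ACL-based grant replaced by a bucket policy. It assumes CKV2_AWS_65 passes only when `object_ownership` is `BucketOwnerEnforced`; apart from the resource label `session_logs_bucket`, every name, ARN and prefix is a placeholder.

```hcl
# Constructed example. Only the resource label session_logs_bucket comes from
# the Checkov output; the bucket name, role ARN and prefix are placeholders.

resource "aws_s3_bucket" "session_logs_bucket" {
  bucket = "example-bastion-session-logs" # placeholder
}

# Failing form (assumed): ACLs stay enabled with ObjectWriter or
# BucketOwnerPreferred.
#
#   rule {
#     object_ownership = "BucketOwnerPreferred"
#   }

# Passing form: BucketOwnerEnforced disables ACLs on the bucket and its objects.
resource "aws_s3_bucket_ownership_controls" "session_logs_bucket" {
  bucket = aws_s3_bucket.session_logs_bucket.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Access that an ACL grant used to provide is expressed as a bucket policy.
# Any aws_s3_bucket_acl resource for this bucket has to be removed, because
# S3 rejects PutBucketAcl calls once ACLs are disabled.
data "aws_iam_policy_document" "session_logs_bucket" {
  statement {
    sid       = "AllowBastionLogWrites"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.session_logs_bucket.arn}/logs/*"] # placeholder prefix

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/example-bastion"] # placeholder
    }
  }
}

resource "aws_s3_bucket_policy" "session_logs_bucket" {
  bucket = aws_s3_bucket.session_logs_bucket.id
  policy = data.aws_iam_policy_document.session_logs_bucket.json
}
```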