Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: check for S3 Buckets with ACLs enabled #1600

Open
rdegraaf opened this issue Jan 18, 2024 · 0 comments
Open

Feature request: check for S3 Buckets with ACLs enabled #1600

rdegraaf opened this issue Jan 18, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@rdegraaf
Copy link

Is your feature request related to a problem? Please describe.

Access controls for AWS S3 Buckets can be managed using a combination of identity-based and resource-based permission policies (the current preferred method) and using Bucket ACLs (a largely obsolete method dating back to the early days of AWS). Most Buckets should have ACLs disabled so that we don't need to worry about them. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html for details.

Describe the solution you'd like

ScoutSuite should check for S3 Buckets that do not have ACLs disabled. This should be implemented by checking for Buckets where the "ObjectOwnership" setting is not "BucketOwnerEnforced". See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/get-bucket-ownership-controls.html for more information.
@rdegraaf rdegraaf added the enhancement New feature or request label Jan 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rdegraaf