Json Yaml Public Bucket Policy Principal Wildcard
Description
Identifies AWS S3 bucket policies in CloudFormation templates that could allow unauthorized public access by using a wildcard principal ('*'). A statement whose Principal is '*' applies to every AWS account and to anonymous, unauthenticated requests, so an Allow statement with that principal exposes the bucket's contents to anyone on the internet and can lead to a data breach. Account- or bucket-level S3 Block Public Access may reject or neutralize such a policy, but a template should not rely on that control being enabled.
Detection Strategy
• Scans CloudFormation template files for S3 bucket policy resource definitions (AWS::S3::BucketPolicy type)
• Examines the Principal element in the bucket policy statements
• Reports a vulnerability if the Principal is set to '*' or contains overly permissive wildcards
• Flags only statements that combine a permissive principal with an Allow effect granting access to the bucket or its objects
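The detection strategy above, implemented as an added example (this is not Fluid Attacks' scanner): it loads a CloudFormation template, finds every AWS::S3::BucketPolicy resource, and reports each Allow statement whose Principal is '*' or contains a wildcard. The sample template, the logical IDs, the VPC endpoint ID and the account ID 123456789012 are constructed placeholders. The template is handled as JSON with the standard library; YAML input is supported only when PyYAML is installed, because CloudFormation's short-form tags (!Ref, !Sub, !GetAtt) need a custom loader.

```python
"""Detect S3 bucket policies in CloudFormation templates that grant access
to a wildcard principal. Added example for this page, not Fluid Attacks' code."""
import json
from typing import Any

# Constructed sample template (not from the page). Account and VPCE IDs are placeholders.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "MyS3Bucket": {"Type": "AWS::S3::Bucket"},
    "UnsafeS3BucketPolicy": {  # anyone on the internet gets every S3 action
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {"Bucket": {"Ref": "MyS3Bucket"}, "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
             "Resource": {"Fn::Sub": "${MyS3Bucket.Arn}/*"}}]}}},
    "ConditionalPolicy": {  # wildcard principal narrowed by a Condition: report, but mark for triage
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {"Bucket": {"Ref": "MyS3Bucket"}, "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
             "Resource": {"Fn::Sub": "${MyS3Bucket.Arn}/*"},
             "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}}},
    "SafeS3BucketPolicy": {  # named principal and specific action, plus a TLS-only Deny
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {"Bucket": {"Ref": "MyS3Bucket"}, "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
             "Action": ["s3:GetObject"], "Resource": {"Fn::Sub": "${MyS3Bucket.Arn}/*"}},
            {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
             "Resource": [{"Fn::GetAtt": ["MyS3Bucket", "Arn"]}, {"Fn::Sub": "${MyS3Bucket.Arn}/*"}],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
}})


def load_template(text: str) -> dict[str, Any]:
    """Parse a JSON template; fall back to YAML (PyYAML, optional) for YAML templates.
    CloudFormation's short-form tags (!Ref, !Sub, !GetAtt, ...) are rejected by
    yaml.SafeLoader, so they are mapped to their long forms ({"Ref": ...}, {"Fn::Sub": ...}).
    A dotted !GetAtt scalar is kept as-is; exact long-form fidelity is not needed here."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        import yaml  # assumed optional dependency; only reached for YAML input

        class CfnLoader(yaml.SafeLoader):
            pass

        def intrinsic(loader, tag_suffix, node):
            if isinstance(node, yaml.ScalarNode):
                value = loader.construct_scalar(node)
            elif isinstance(node, yaml.SequenceNode):
                value = loader.construct_sequence(node, deep=True)
            else:
                value = loader.construct_mapping(node, deep=True)
            return {"Ref" if tag_suffix == "Ref" else f"Fn::{tag_suffix}": value}

        CfnLoader.add_multi_constructor("!", intrinsic)
        return yaml.load(text, Loader=CfnLoader)


def principal_is_wildcard(principal: Any) -> bool:
    """True when the Principal element names everyone: "*", {"AWS": "*"},
    a list containing "*", or any principal string carrying a wildcard.
    An intrinsic such as {"Ref": "TrustedArn"} is a dict without '*' and is not flagged."""
    if isinstance(principal, str):
        return "*" in principal
    if isinstance(principal, dict):
        return any(principal_is_wildcard(v) for v in principal.values())
    if isinstance(principal, list):
        return any(principal_is_wildcard(v) for v in principal)
    return False


def find_public_bucket_policies(template: dict[str, Any]) -> list[dict[str, Any]]:
    """One finding per Allow statement with a wildcard principal in any
    AWS::S3::BucketPolicy resource. Deny statements addressed to "*" (for example
    the TLS-enforcement pattern) are skipped: they restrict rather than grant.
    Statements carrying a Condition are reported but marked so they can be triaged."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::BucketPolicy":
            continue
        statements = resource.get("Properties", {}).get("PolicyDocument", {}).get("Statement", [])
        if isinstance(statements, dict):  # IAM syntax also allows a single statement object
            statements = [statements]
        for index, statement in enumerate(statements):
            if statement.get("Effect") != "Allow":
                continue
            if not principal_is_wildcard(statement.get("Principal")):
                continue
            actions = statement.get("Action", [])
            findings.append({
                "resource": logical_id,
                "statement": index,
                "actions": actions if isinstance(actions, list) else [actions],
                "conditional": "Condition" in statement,
            })
    return findings


if __name__ == "__main__":
    for finding in find_public_bucket_policies(load_template(SAMPLE_TEMPLATE)):
        print(finding)
```

Run against the constructed template, the detector reports UnsafeS3BucketPolicy and ConditionalPolicy and stays silent on SafeS3BucketPolicy, including its Deny-to-everyone TLS statement. The conditional finding is kept deliberately: a Condition on aws:SourceVpce or aws:SourceIp narrows who can use the grant, but whether that narrowing is adequate is a review decision, not something the scanner should assume.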
Vulnerable code example
Resources:
  UnsafeS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Statement:
          - Action: # Vulnerable: Allows all S3 actions (*) to any principal...
Secure code example
Resources:
  SafeS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Statement:
          - Action: # Only grant specific required actions instead of s3:*...