Query: S3 buckets access control lists (ACLs) should not be used to manage user access to buckets

Description

This control checks whether AWS S3 buckets provide user permissions via ACLs. The control fails if ACLs are configured for managing user access on S3 buckets.

Query

Tables used in this query:

• aws_s3_bucket

Controls using this query:

• 12 S3 access control lists (ACLs) should not be used to manage user access to buckets
• S3 buckets access control lists (ACLs) should not be used to manage user access to buckets

SQL