remediating-s3-bucket-misconfiguration

This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations that expose sensitive data to unauthorized access. It covers enabling S3 Block Public Access at account and bucket levels, auditing bucket policies and ACLs, enforcing encryption, configuring access logging, and deploying automated remediation using AWS Config and Lambda.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0

Skill Content

# Remediating S3 Bucket Misconfiguration

## When to Use

- When AWS Config or Security Hub reports S3 buckets with public access or missing encryption
- When a security scan reveals S3 bucket policies granting access to Principal "*" (everyone)
- When preparing for a data protection audit requiring evidence of storage security controls
- When responding to a data exposure incident involving publicly accessible S3 objects
- When establishing preventive controls for new S3 bucket creation across an AWS Organization

**Do not use** for Azure Blob Storage or GCP Cloud Storage misconfigurations, for S3 data classification (see implementing-cloud-dlp-policy), or for S3 access pattern analysis unrelated to security.

## Prerequisites

- AWS account with S3 administrative permissions (s3:*, s3-outposts:*)
- AWS Config enabled to evaluate S3 resource compliance
- AWS CloudTrail logging S3 data events for access auditing
- Macie enabled for sensitive data discovery in S3 buckets

## Workflow

### Step 1: Identify All Public and Misconfigured Buckets

Use multiple detection methods to identify S3 buckets with public access. Rely on AWS Config rules, S3 Access Analyzer, and Macie rather than manual inspection.

```bash
# Enable S3 Access Analyzer for external access detection
aws accessanalyzer create-analyzer \
  --analyzer-name s3-analyzer \
  --type ACCOUNT

# List all S3 buckets with public access indicators
aws s3api list-buckets --query 'Buckets[*].Name' --output text | while read...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0
