We need a check that looks for public S3 read/write permissions and automatically revokes them when found. This check would look for the following public permissions:
Bucket list objects
Bucket write objects (This is high severity)
Bucket read permissions
Bucket write permissions (This is high severity)
For the high-severity permissions we should explicitly state that the customer should manually audit the bucket and its objects to ensure it has not been compromised.
This automation workflow can follow a similar pattern to the one for Exposed Access Keys linked below:
https://github.com/aws/Trusted-Advisor-Tools/tree/master/ExposedAccessKeys
Let me know what you think about this proposed check.
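As an added illustration of the proposed check (this is example code, not part of the proposal or of the Trusted-Advisor-Tools repository), the block below classifies the public grants in a bucket ACL using the four permission classes listed above, marks the two write classes as high severity, strips the public grants, and writes the cleaned ACL back. The pure functions operate on the dict shape that boto3's `get_bucket_acl` returns, so the logic runs offline against a constructed sample ACL; `remediate_bucket` takes any object exposing `get_bucket_acl`/`put_bucket_acl`, so a real boto3 S3 client drops in where the constructed `FakeS3Client` is used here. The mapping of the proposal's four items to the S3 ACL permission names (READ, WRITE, READ_ACP, WRITE_ACP) and the MEDIUM/HIGH labels are my assumptions.

```python
"""Detect and revoke public grants in an S3 bucket ACL (example, not project code).

Assumed mapping of the proposal's four items onto S3 bucket ACL permissions:
  bucket list objects      -> READ        (list the bucket's objects)
  bucket write objects     -> WRITE       (create/overwrite/delete objects), HIGH
  bucket read permissions  -> READ_ACP    (read the bucket ACL)
  bucket write permissions -> WRITE_ACP   (change the bucket ACL), HIGH
"""
from typing import Any, Dict, List

# S3 predefined groups that make a grant "public". AllUsers is anonymous;
# AuthenticatedUsers is any AWS account, which is treated as public here too.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# ACL permission -> (finding label, severity). FULL_CONTROL implies WRITE/WRITE_ACP.
PERMISSION_FINDINGS = {
    "READ": ("bucket list objects", "MEDIUM"),
    "WRITE": ("bucket write objects", "HIGH"),
    "READ_ACP": ("bucket read permissions", "MEDIUM"),
    "WRITE_ACP": ("bucket write permissions", "HIGH"),
    "FULL_CONTROL": ("bucket full control", "HIGH"),
}


def is_public_grant(grant: Dict[str, Any]) -> bool:
    grantee = grant.get("Grantee", {})
    return grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS


def classify_public_grants(acl: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per public grant, with the label and severity above."""
    findings = []
    for grant in acl.get("Grants", []):
        if not is_public_grant(grant):
            continue
        perm = grant["Permission"]
        label, severity = PERMISSION_FINDINGS.get(perm, (perm.lower(), "HIGH"))
        findings.append({
            "grantee": PUBLIC_GROUP_URIS[grant["Grantee"]["URI"]],
            "permission": perm,
            "finding": label,
            "severity": severity,
        })
    return findings


def strip_public_grants(acl: Dict[str, Any]) -> Dict[str, Any]:
    """Build the AccessControlPolicy to write back: owner kept, public grants dropped.

    put_bucket_acl replaces the whole ACL, so every non-public grant must be carried over.
    """
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", []) if not is_public_grant(g)],
    }


def remediate_bucket(s3: Any, bucket: str) -> Dict[str, Any]:
    """Fetch the ACL, revoke public grants if any, and report what was found.

    `s3` is a boto3 S3 client (or a stand-in with the same two methods).
    """
    acl = s3.get_bucket_acl(Bucket=bucket)
    findings = classify_public_grants(acl)
    if findings:
        s3.put_bucket_acl(Bucket=bucket, AccessControlPolicy=strip_public_grants(acl))
    return {
        "bucket": bucket,
        "findings": findings,
        "revoked": bool(findings),
        # Per the proposal: high-severity (write) exposure needs a manual audit of the
        # bucket and its objects, because revoking the grant does not undo prior tampering.
        "manual_audit_required": any(f["severity"] == "HIGH" for f in findings),
    }


# Constructed sample ACL in the shape boto3's get_bucket_acl returns (not real data).
SAMPLE_ACL = {
    "Owner": {"DisplayName": "example-owner", "ID": "0000000000000000000000000000000000000000000000000000000000000000"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0000000000000000000000000000000000000000000000000000000000000000"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ_ACP"},
    ],
}


class FakeS3Client:
    """Constructed stand-in for boto3's S3 client so the example runs offline."""

    def __init__(self, acl: Dict[str, Any]) -> None:
        self.acl = acl
        self.put_calls: List[Dict[str, Any]] = []

    def get_bucket_acl(self, Bucket: str) -> Dict[str, Any]:
        return self.acl

    def put_bucket_acl(self, Bucket: str, AccessControlPolicy: Dict[str, Any]) -> None:
        self.put_calls.append({"Bucket": Bucket, "AccessControlPolicy": AccessControlPolicy})


def demo(bucket: str = "example-bucket") -> Dict[str, Any]:
    client = FakeS3Client(SAMPLE_ACL)
    report = remediate_bucket(client, bucket)
    report["acl_written"] = client.put_calls[0]["AccessControlPolicy"] if client.put_calls else None
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

With a real client, `remediate_bucket(boto3.client("s3"), bucket_name)` is the only change. The ACL is only one of the ways a bucket becomes public; a bucket policy granting `"Principal": "*"` is not covered by this ACL-only check and would need a separate policy check.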