Feature request: check for S3 Buckets with ACLs enabled
rdegraaf opened this issue
Is your feature request related to a problem? Please describe.
Access controls for AWS S3 Buckets can be managed with a combination of identity-based and resource-based permission policies (the current preferred method) or with Bucket ACLs (a largely obsolete method dating back to the early days of AWS). Most Buckets should have ACLs disabled so that we don't need to worry about them. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html for details.
Describe the solution you'd like
ScoutSuite should check for S3 Buckets that do not have ACLs disabled. This should be implemented by checking for Buckets where the "ObjectOwnership" setting is not "BucketOwnerEnforced". See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/get-bucket-ownership-controls.html for more information.
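The check described above, as an added example (not ScoutSuite's own code): it flags every bucket whose ObjectOwnership is not BucketOwnerEnforced, and treats a bucket with no ownership controls configured at all (the API answers with the OwnershipControlsNotFoundError error code) as a finding too, since such buckets behave as ObjectWriter. `FakeS3` is a constructed stand-in for a boto3 client with sample bucket names; the real API calls are `list_buckets` and `get_bucket_ownership_controls`.

```python
ACLS_DISABLED = "BucketOwnerEnforced"
# GetBucketOwnershipControls error code for a bucket with no controls configured
# (behaves as ObjectWriter, i.e. ACLs enabled), so it must not be skipped.
NOT_FOUND = "OwnershipControlsNotFoundError"


def acls_enabled(ownership_controls):
    """True if the bucket still honours ACLs. Argument is the
    GetBucketOwnershipControls response dict, or None if it was not found."""
    if ownership_controls is None:
        return True
    rules = ownership_controls.get("OwnershipControls", {}).get("Rules", [])
    return not any(r.get("ObjectOwnership") == ACLS_DISABLED for r in rules)


def find_buckets_with_acls(s3):
    """Names of buckets where ACLs are not disabled; s3 is a boto3 S3 client."""
    findings = []
    for bucket in s3.list_buckets().get("Buckets", []):
        name = bucket["Name"]
        try:
            controls = s3.get_bucket_ownership_controls(Bucket=name)
        except Exception as exc:  # botocore ClientError carries .response
            if getattr(exc, "response", {}).get("Error", {}).get("Code") != NOT_FOUND:
                raise
            controls = None  # no controls at all: flag it, do not skip it
        if acls_enabled(controls):
            findings.append(name)
    return sorted(findings)


class FakeS3:
    """Constructed stand-in for a boto3 client so the example runs offline;
    one bucket per ownership mode plus one that was never configured."""
    CONTROLS = {"enforced-bucket": "BucketOwnerEnforced",
                "preferred-bucket": "BucketOwnerPreferred",
                "writer-bucket": "ObjectWriter",
                "legacy-bucket": None}

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self.CONTROLS]}

    def get_bucket_ownership_controls(self, Bucket):
        mode = self.CONTROLS[Bucket]
        if mode is None:  # mimic the ClientError botocore raises
            err = Exception(NOT_FOUND)
            err.response = {"Error": {"Code": NOT_FOUND}}
            raise err
        return {"OwnershipControls": {"Rules": [{"ObjectOwnership": mode}]}}
```

Against a real account, pass `boto3.client("s3")` instead of `FakeS3()`; the caller needs `s3:ListAllMyBuckets` and `s3:GetBucketOwnershipControls`.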