Which set of action will immediately remediate the security issue without impacting the application’s normal workflow?
Create an AWS Lambda function that applies all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
Review the AWS Trusted advisor bucket permissions check and implement the recommend actions.
Run a script that puts a Private ACL on all of the object in the bucket.
Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcis option to TRUE on the bucket.
Explanations:
Creating an AWS Lambda function to apply policies for unauthenticated users does not immediately remediate public access to existing files and may introduce delays or complications in the application workflow.
While reviewing AWS Trusted Advisor for bucket permissions is a good practice, implementing its recommendations may take time and does not provide an immediate fix to the public access issue.
Running a script to change the ACL of all objects to Private could work, but it may cause disruptions to the application’s ability to serve existing signed URLs, impacting users’ ability to access their reports.
Using the Block Public Access feature and setting the IgnorePublicAcls option to TRUE immediately prevents any public access to the bucket and its contents, ensuring security while allowing the application to continue functioning normally.
I strategize that the answer is:
Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcis option to TRUE on the bucket.