Which set of actions will immediately remediate the security issue without impacting the application’s normal workflow?
Create an AWS Lambda function that applies a deny-all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.
Run a script that puts a private ACL on all of the objects in the bucket.
Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.
Explanations:
Creating a Lambda function to apply a deny policy does not provide immediate remediation. It requires setting up and scheduling, which can take time and might not integrate seamlessly with the existing application workflow. Additionally, it could disrupt legitimate users if not implemented correctly.
While reviewing AWS Trusted Advisor for bucket permissions can be beneficial, implementing changes based on recommendations can take time and is not an immediate solution to the public access issue. It does not provide a direct, quick fix to prevent unauthorized access.
Running a script to change the ACL of all objects to private could work, but it may impact the application’s normal workflow since it might affect existing access configurations that the application relies on for generating signed URLs. It is not an immediate remediation solution.
Using the Block Public Access feature to set the IgnorePublicAcls option to TRUE immediately restricts public access to the bucket and its contents, preventing any unauthorized downloads while allowing the application to continue functioning normally with signed URLs for authenticated users. This action can be done quickly through the AWS Management Console or CLI.