An S3 bucket is configured so that authenticated users have unrestricted permissions
Historically, access to all Amazon S3 resources was controlled through an access control list (ACL). Now, Amazon recommends that you control S3 access instead by using IAM or S3 bucket policies. By default, only the account owner has access to an S3 bucket and its contents, but you can change the permissions to allow access by any user. If you provide unrestricted access to a bucket, any authenticated user can modify existing objects, add objects to the bucket, or change permissions on the bucket and its contents. Best practice is always to limit access to only those who require it, so we recommend that you disable public access unless it is truly required.
You should limit S3 public access to only those parties who require it.
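One way to check a bucket ACL for this condition, as an added example that is not part of the original rule text. The function name and sample ACLs are constructed for illustration, and the input is assumed to have the shape of the S3 GetBucketAcl response.

```python
# Added example. The dict shape follows the S3 GetBucketAcl response
# (for a live bucket: boto3.client("s3").get_bucket_acl(Bucket=name)).

# Predefined S3 group covering every authenticated AWS principal,
# in any account, not only the bucket owner's.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# ACL permissions that allow the changes described above.
RISKY_PERMISSIONS = {
    "FULL_CONTROL": "read, write and change permissions",
    "WRITE": "add, overwrite or delete objects",
    "WRITE_ACP": "change permissions on the bucket",
}


def authenticated_user_findings(acl):
    """Return (permission, effect) for each risky grant to AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a specific account or user are out of scope
        if grantee.get("URI") != AUTHENTICATED_USERS:
            continue
        permission = grant.get("Permission")
        if permission in RISKY_PERMISSIONS:
            findings.append((permission, RISKY_PERMISSIONS[permission]))
    return findings


# Constructed sample ACLs; the owner ID is a placeholder.
OWNER = {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}
DEFAULT_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
OPEN_ACL = {
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"},
    ]
}

if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_ACL), ("open", OPEN_ACL)):
        print(name, authenticated_user_findings(acl))
```

An empty result for every bucket means no ACL grants write-level access to the AuthenticatedUsers group; bucket policies are evaluated separately and are not covered by this check.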
|Framework Name|Control #|Control Description|
|---|---|---|
|nist-sp800-171 Revision 1|3.1.3|Control the flow of CUI in accordance with approved authorizations.|
|pci-dss 3.2.1|10.1|Implement Audit Trails|
|eu-gdpr 2016-679|Article-25|Data protection by design and by default|