include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

All users (ie: anyone in the world authenticated or not) have read and write permissions with the ``++PublicReadWrite++`` access control:

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket' # Sensitive
    Properties: 
      BucketName: "mynoncompliantbucket"
      AccessControl: "PublicReadWrite"
----

== Compliant Solution

With the ``++private++`` access control (default), only the bucket owner has the read/write permissions on the buckets and its ACL.

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket' # Compliant
    Properties:
      BucketName: "mycompliantbucket"
      AccessControl: "Private"
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]