include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

All users (ie: anyone in the world authenticated or not) have read and write permissions with the ``++public-read-write++`` access control:

----
resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive
  bucket = "mynoncompliantbucketname"
  acl    = "public-read-write"
}
----

== Compliant Solution

With the ``++private++`` access control (default), only the bucket owner has the read/write permissions on the buckets and its ACL.

[source,terraform]
----
resource "aws_s3_bucket" "mycompliantbucket" { # Compliant
  bucket = "mycompliantbucketname"
  acl    = "private"
}
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]