Amazon S3

S3 Transfer Acceleration Disabled

This plugin ensures that S3 buckets have transfer acceleration enabled to efficiently enable data transfers.

Risk Level: Low

Description

This plugin ensures that S3 buckets have transfer acceleration enabled to efficiently enable data transfers. S3 buckets should have transfer acceleration enabled to transfer data across the edge network in a fast and secure manner.

About the Service

Amazon S3: Amazon Simple Storage Service, popularly known as Amazon S3, is a storage space available on the cloud. Using Amazon S3, you can store and retrieve any amount of data. The S3 versioning process maintains versions of an S3 bucket whenever any action is carried out.

Impact

S3 Bucket transfer acceleration is a bucket-level feature by virtue of which, objects can be transferred in a secure and fast way from clients to an S3 bucket. It is important for the data to follow an optimized path when your customers upload data to a centralized location and it needs to be transferred in an efficient manner.

Steps to Reproduce

Using AWS Console-

  1. Log In to your AWS Console.
  2. Open the Amazon S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in. 
  3. A list of S3 buckets will be displayed. Select the bucket you wish to examine by clicking on its name.
  4. Move to the Properties section.
  5. Scroll down to the Transfer acceleration section, and check if it is enabled. In case it is “Disabled”, the vulnerability exists.
  6. Repeat steps for all the S3 buckets you want to investigate.

Steps for Remediation

Modify Amazon S3 bucket to enable transfer acceleration.

Using AWS Console:

  1. Log In to your AWS Console.
  2. Open the Amazon S3 Management Console. You can use this link (https://console.aws.amazon.com/s3) to navigate directly if already logged in. 
  3. A list of S3 buckets will be displayed. Select the vulnerable bucket by clicking on its name.
  4. Move to the Properties section.
  5. Scroll down to the Transfer acceleration section, click on the Edit button.
  6. Click on Enable, to enable the transfer acceleration. Click on Save Changes to modify the bucket.
  7. Repeat these steps for all the vulnerable S3 buckets.