S3 bucket permissions should be set to deny public access unless explicitly required.
Granting write access publicly with `public-read-write` is especially dangerous as you will be billed for any uploaded files.
Additionally, you should not use the `authenticated-read` canned ACL, as this provides read access to any authenticated AWS user, not just AWS users within your organisation.
The following example will fail the AWS001 check.
The following example will pass the AWS001 check.
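An added illustration of both cases, not taken from the tfsec documentation: the canned ACLs the text warns against, beside a bucket with no public grant. Resource and bucket names are constructed, and the inline `acl` argument assumes an AWS provider version that still accepts it on `aws_s3_bucket`. The `aws_s3_bucket_public_access_block` resource goes one step beyond the ACL setting discussed above.

```terraform
# Added example; all resource and bucket names are constructed.
# Assumes an AWS provider version that accepts the inline `acl` argument.

# --- Weak: canned ACLs the text warns against ---

# Anyone can read and write; uploaded objects are billed to the bucket owner.
resource "aws_s3_bucket" "uploads_bad" {
  bucket = "example-uploads-bad"
  acl    = "public-read-write"
}

# Readable by any authenticated AWS user, not only users in your organisation.
resource "aws_s3_bucket" "reports_bad" {
  bucket = "example-reports-bad"
  acl    = "authenticated-read"
}

# --- Corrected: no public grant ---

resource "aws_s3_bucket" "uploads_good" {
  bucket = "example-uploads-good"
  acl    = "private"
}

# Defence in depth: reject public ACLs and public bucket policies even if a
# later change tries to apply one to this bucket.
resource "aws_s3_bucket_public_access_block" "uploads_good" {
  bucket                  = aws_s3_bucket.uploads_good.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```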