S3 Bucket has an ACL defined which allows public access.
Explanation
S3 bucket permissions should be set to deny public access unless explicitly required.
Granting write access publicly with public-read-write is especially dangerous as you will be billed for any uploaded files.
Additionally, you should not use the authenticated-read canned ACL, as this provides read access to any authenticated AWS user, not just AWS users within your organisation.
Insecure Example
The following example will fail the AWS001 check.
resource "aws_s3_bucket" "my-bucket" {
acl = "public-read"
}Secure Example
The following example will pass the AWS001 check.
resource "aws_s3_bucket" "my-bucket" {
acl = "private"
}