S3 bucket permissions should be set to deny public access unless explicitly required.
Granting write access publicly with public-read-write is especially dangerous as you will be billed for any uploaded files.
Additionally, you should not use the authenticated-read canned ACL, as this provides read access to any authenticated AWS user, not just AWS users within your organisation.
The contents of the bucket can be accessed publicly
Apply a more restrictive bucket ACL
The following example will fail the aws-s3-no-public-access-with-acl check.
The following example will pass the aws-s3-no-public-access-with-acl check.
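The canned ACLs discussed above, shown side by side as a Terraform configuration. This is an added example, not the check's own sample code; it assumes Terraform with the AWS provider, and all resource and bucket names are hypothetical.

```hcl
# Added example; resource and bucket names are hypothetical.
# It uses the inline `acl` argument of aws_s3_bucket. AWS provider v4 and
# later deprecate that argument in favour of the separate aws_s3_bucket_acl
# resource, which takes the same canned ACL values.

# Expected to fail: anyone can read and write objects, and the bucket
# owner is billed for whatever gets uploaded.
resource "aws_s3_bucket" "bad_public_write" {
  bucket = "example-bad-public-write"
  acl    = "public-read-write"
}

# Expected to fail: the contents of the bucket can be read publicly.
resource "aws_s3_bucket" "bad_public_read" {
  bucket = "example-bad-public-read"
  acl    = "public-read"
}

# Expected to fail: readable by any authenticated AWS user in any account,
# not only users within your organisation.
resource "aws_s3_bucket" "bad_authenticated_read" {
  bucket = "example-bad-authenticated-read"
  acl    = "authenticated-read"
}

# Expected to pass: only the bucket owner is granted access.
resource "aws_s3_bucket" "good_private" {
  bucket = "example-good-private"
  acl    = "private"
}
```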