Video: S3 Buckets Granted Full Access to Someone Other Than Account Owner

by

This is one in a series of short, simple J1 queries that will help you interrogate your AWS environments. The JupiterOne platform used to run these queries is free.

In this J1 Query example, we're going to be searching for people who are not the owners of an S3 bucket, but still have full control and meta-permissions for that bucket. This type of query allows us to analyze the permissions of various roles, groups and users, as well as seeing how buckets are protected and accessible via those permissions.

Cut-and-Paste Query

Here's the query you can use to cut-and-paste into your J1 instance. Watch JupiterOne technical expert, Akash Ganapathi, walk through the example query and then display the results in real time. If you find this useful, give us some contact info at the bottom of this page and we'll send you twice a month updates as we continue to explore various environments with JupiterOne. You'll also receive a personal invitation to a hands-on J1 Query Workshop in March.

FIND aws_s3_bucket as bucket
  THAT ALLOWS as grant * as grantee
WHERE
  grant.permission='FULL_CONTROL' and bucket.ownerId != grantee.canonicalUserId

 

 

Contribute your J1 Query to the Community

We will frequently be adding cut-and-paste J1 queries to our gallery. Join the community and every two weeks we'll send you a list of new queries. You can contribute your own queries for inclusion and examination in an upcoming article. Use the form below to join us.

Akash Ganapathi
Akash Ganapathi

Akash Ganapathi comes from an enterprise security, data privacy, and data analysis background, working exclusively in the B2B software solutions space throughout his career. He is currently a Principal Security Solutions Architect at JupiterOne.

Keep Reading

Better Together: CMDB + CSPM = Cloud Native Cyber Asset Management
September 4, 2024
Blog
Better Together: CMDB + CSPM = Cloud Native Cyber Asset Management

There is a lot of confusion out there when it comes to cloud native IT and cloud security tools. Things have gotten rather complicated over the last few years as we

Top Takeaways From the Cyentia Institute’s Inaugural Study of EPSS Data and Performance - "A VISUAL EXPLORATION OF EXPLOITATION IN THE WILD"
July 30, 2024
Blog
Top Takeaways From the Cyentia Institute’s Inaugural Study of EPSS Data and Performance

A CISO's Top 6 Takeaways From the Cyentia Institute’s Inaugural Study of EPSS Data and Performance "A Visual Exploration of Exploitation in the Wild"

Open Source Compliance, Endpoint and Vulnerability Management with Fleet | JupiterOne
July 24, 2024
Blog
Open Source Compliance, Endpoint and Vulnerability Management with Fleet

Here’s how Fleet integrates with JupiterOne to gain comprehensive insights and enhance the security in our environment.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.