CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00267
- creditSnyk Research Team
Description
Wildcard principal has been specified in Glacier Vault access policy. For resource-based policies, using a wildcard (*) with an Allow effect grants access to all users, including anonymous users (public access).
How to fix?
Set the access_policy.Statement.Principal attribute in aws_glacier_vault to a value other than * or {“AWS:“*”}. Set the Statement.Effect attribute in aws_glacier_vault to Deny.
Example Configuration
resource "aws_glacier_vault" "allowed3" {
name = "allowed3"
access_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
"Sid" : "disable-permissions"
"Principal": "*"
"Action" : [
"glacier:AbortVaultLock",
"glacier:CreateVault",
"glacier:DeleteArchive",
"glacier:DeleteVaultAccessPolicy",
"glacier:AbortMultipartUpload"
]
"Effect" : "Deny"
"Resource" : "arn:aws:glacier:us-east-1:824152625835:vaults/allowed3"
},
]
})
}