If you received a mail from Amazon Web Services stating that they have found a bucket where your permissions allow anonymous requestors to perform READ operations, here is the solution.

Original message:

We’ve noticed that your Amazon S3 account has a bucket where your permissions allow anonymous requestors to perform READ operations, enumerating the contents of the bucket. Amazon S3 buckets are private by default. Recently, some tools and scripts have emerged which scan services like Amazon S3 and enumerate objects in publicly listable buckets. These tools could be used to identify objects in your bucket. The use of these tools against your buckets may also produce unintended charges in your account.

1. Go to http://aws.amazon.com/s3/ and log into your Amazon S3 account

2. Right-click on your buckets and click Properties

3. Go to the tab Permissions

4. You will see a Grantee “Everyone” (if you don’t go to the next bucket until you find the Grantee Everyone)

5. The Grantee Everyone has a permission checked for “List”:

6. Uncheck the option LIST and the grantee will disappear completely

7. People can still access your bucket objects but cannot list the bucket content (which can be a security issue)

This should fix your security issues and lower your Amazon S3 Bill

8. Please subscribe to our feed with FeedDemon