public buckets in prod synapse acct

Description

Got the message below from AWS. Some buckets look fine, like static.synapse.org. Others I'm not sure about, like external.bucket.test (there should be no test objects in prod) and access.record.by.month.sagebase.org (scary!). Please review and make sure there is no security hole. Delete any unused/stray buckets.

We’re writing to notify you that your AWS account 325565585839 has one or more S3 buckets that allow read or write access from any user on the Internet. By default, S3 buckets allow only the account owner to access the contents of a bucket; however, customers can configure S3 buckets to permit public access.

Unless you have a specific reason (such as hosting a public website) for this configuration, we recommend that you update your bucket and restrict public access. Your list of buckets configured to allow access by anyone on the Internet as of August 9, 2019 are:

external.bucket.test
staging-ran.synapse.org
docs.synapse.org
versions.synapse.sagebase.org
bootstrap-awss3cloudformationbucket-u7g8la3mrvxv
ran.synapse.org
static-west-2.synapse.org
suggest-places.sagebase.org
access.record.by.month.sagebase.org
static.synapse.org
synapse.org
essentials-awss3lambdaartifactsbucket-3szdmn8v2m4f

Environment

None

Assignee

Xavier Schildwachter

Reporter

Bruce Hoff

Validator

Bruce Hoff

Release Version History

None

Priority

Major