From 8fa7ce9d5c61820e7e816e158548140407f99bff Mon Sep 17 00:00:00 2001 From: Nuha Shawahna Date: Tue, 1 Nov 2022 13:54:47 -0300 Subject: [PATCH] Remediation guide for plugin S3 Glacier Vault Public Access --- .../glacier/S3-glacier-vault-public-access.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 en/aws/glacier/S3-glacier-vault-public-access.md diff --git a/en/aws/glacier/S3-glacier-vault-public-access.md b/en/aws/glacier/S3-glacier-vault-public-access.md new file mode 100644 index 000000000..0e759d1a4 --- /dev/null +++ b/en/aws/glacier/S3-glacier-vault-public-access.md @@ -0,0 +1,25 @@ +[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) + +# AWS / Glacier / S3 Glacier Vault Public Access + +## Quick Info + +| | | +|-|-| +| **Plugin Title** | S3 Glacier Vault Public Access | +| **Cloud** | AWS | +| **Category** | Glacier | +| **Description** | Ensure that S3 Glacier Vault public access block is enabled for the account | +| **More Info** | Blocking S3 Glacier Vault public access at the account level ensures objects are not accidentally exposed | +| **AWS Link** | http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html | +| **Recommended Action** | Add access policy for the S3 Glacier Vault to block public access for the AWS account | + +## Detailed Remediation Steps +1. Log into the AWS Management Console.
+2. Select the "Services" option and search for S3 Glacier.
+3. On the navigation pane to the left, click on vaults.
+4. Click the vault name that you need you need to edit its policy to block public access.
+5. Select Vault Policies tab.
+6. Click on Edit vault access policy.
+7. Edit the policy by removing public access (e.g. "Resource": "*" or "Principal": "*", and "Effect": "Allow") and make sure the policy grant access only to fixed values (values that don't contain a wildcard or an AWS Identity and Access Management Policy Variable).
+8. See this resource to understand when a policy considered public: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html#access-control-block-public-access-policy-status
\ No newline at end of file
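Review bot: The Quick Info table and the Detailed Remediation Steps describe different controls: the Description and More Info rows speak of a public access block "for the account" and "at the account level", while steps 3 to 7 edit the access policy of a single vault. Suggest rewording those rows to match what the steps do (review the vault access policy and remove Allow statements with a wildcard principal), or extending the steps so they say to repeat the check for every vault in the account. The AWS Link row points at a CloudFront Developer Guide page (private-content-restricting-access-to-s3.html) rather than documentation on Glacier vault access policies, so it should be swapped for a page on the control being remediated. In step 7, "Resource": "*" is listed beside "Principal": "*" as an example of public access; the step would be easier to follow if it stated which element of the statement makes it public and whether "Effect": "Allow" must be present together with it. Smaller points: step 4 repeats "you need", step 7 should read "the policy grants", step 8 is missing "is" in "when a policy considered public", and the file ends without a trailing newline.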