AWS S3 Console → Bucket: customer-data-archive
⚠ Public Access Enabled
Objects
Object
Visibility
Last Modified
customer_2024.csv
Public
2026-03-26
report.xlsx
Public
2026-03-27
backup.zip
Public
2026-03-28
Bucket Policy
{ "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-data-archive/*" }
Analyst Prompt
是否已構成資料暴露事件?
應先關閉 Public Access,還是先保全證據與查詢存取紀錄?
根因是 bucket policy、IAM 權限,還是交付流程失控?