Security Finding — CRITICAL
Finding ID: SEC-2026-001
Severity: CRITICAL
Reported by: Fatima Al-Rashid (Head of Security)
Date: 2026-04-30
Problem
The S3 bucket nimbuscloud-platform-assets has acl = "public-read" in infrastructure/terraform/s3.tf. This makes all objects publicly accessible and constitutes a UK GDPR Article 32 breach risk.
Files
infrastructure/terraform/s3.tf — line with acl = "public-read"
aws_s3_bucket_public_access_block resource is commented out
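A pre-merge check for the two conditions listed above, added here as an example and not taken from the NimbusCloud repository. The sample Terraform is constructed, and the resource label `assets`, the function name `audit_s3_tf` and the issue strings are assumptions.

```python
import re

# Constructed sample standing in for infrastructure/terraform/s3.tf.
# The resource label "assets" and the block layout are assumptions.
SAMPLE_TF = '''
resource "aws_s3_bucket" "assets" {
  bucket = "nimbuscloud-platform-assets"
  acl    = "public-read"
}

# resource "aws_s3_bucket_public_access_block" "assets" {
#   bucket                  = aws_s3_bucket.assets.id
#   block_public_acls       = true
#   block_public_policy     = true
#   ignore_public_acls      = true
#   restrict_public_buckets = true
# }
'''

PUBLIC_ACLS = {"public-read", "public-read-write"}
ACL_RE = re.compile(r'acl\s*=\s*"([^"]+)"')
PAB_RE = re.compile(r'resource\s+"aws_s3_bucket_public_access_block"')


def audit_s3_tf(text):
    """Return (line_no, issue) pairs; line 0 means a file-level issue."""
    findings, pab_active, pab_commented, in_block = [], False, False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_block or line.startswith("/*"):
            in_block = "*/" not in line  # still inside a /* ... */ comment?
            commented = True
        else:
            commented = line.startswith(("#", "//"))
        body = line.lstrip("#/* ") if commented else line
        acl = ACL_RE.match(body)
        if acl and not commented and acl.group(1) in PUBLIC_ACLS:
            findings.append((no, "public-acl"))
        if PAB_RE.match(body):
            if commented:
                pab_commented = True
                findings.append((no, "public-access-block-commented-out"))
            else:
                pab_active = True
    if not pab_active and not pab_commented:
        findings.append((0, "public-access-block-missing"))
    return findings
```

Run against the real file in CI and fail the job when the returned list is non-empty.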
Acceptance Criteria
private