AWS Config Rule: S3 Bucket Policy Grantee Check

S3_BUCKET_POLICY_GRANTEE_CHECK

Eduardo Van Cauteren

Last Update 2 months ago

Description: Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide. The rule is COMPLIANT if a bucket policy is not present.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Hyderabad), Canada West (Calgary), Europe (Spain) Region


How to Resolve Manually

This Config rule evaluates each S3 bucket policy and checks that every grant it contains is restricted to the AWS principals, federated users, service principals, IP addresses, or VPCs supplied as rule parameters. A bucket with no bucket policy is COMPLIANT. A bucket whose policy grants access to any grantee outside that list (which includes grants to the public or to all AWS accounts) is NON_COMPLIANT; when the rule is deployed with no allowed grantees configured, this means any bucket that has a bucket policy at all will be marked as non-compliant.


To make this rule compliant, either remove the bucket policy from each existing bucket, or rewrite the policy so that every statement grants access only to principals, IP ranges, or VPCs on the allowed list. Make sure you understand the implications of this change before proceeding: deleting a bucket policy also removes any cross-account access, service access (for example, log delivery by AWS services), and explicit Deny statements that the policy provided.


Note: if a bucket policy contains more than one statement, each statement in the bucket policy is evaluated against this rule.
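The following is an added example, not code from StackZone or from the AWS Config rule itself: a local re-implementation of the grantee check described above, so that you can dry-run a bucket policy against an allow-list before deciding whether to delete or rewrite it. The allow-list keys mirror the rule's parameter names (awsPrincipals, servicePrincipals, federatedUsers, ipAddresses, vpcIds); the ARNs, CIDRs, VPC ID and the sample policy are constructed for this example. The evaluation semantics are my reading of the rule description: an Allow statement passes if at least one of its restricting attributes (principal, aws:SourceIp, aws:SourceVpc) lies entirely within the allow-list, each statement is judged on its own, and a missing policy is COMPLIANT.

```python
import ipaddress
import json

# Allowed grantees. Key names mirror the rule's parameters; values are
# constructed sample data for this example, not real accounts or networks.
ALLOWED = {
    "awsPrincipals": {"arn:aws:iam::111122223333:root",
                      "arn:aws:iam::111122223333:role/BackupRole"},
    "servicePrincipals": {"cloudtrail.amazonaws.com"},
    "federatedUsers": set(),
    "ipAddresses": {"203.0.113.0/24"},
    "vpcIds": {"vpc-0123456789abcdef0"},
}


def _as_list(value):
    """Policy JSON allows a scalar wherever a list is expected; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _ips_allowed(cidrs, allowed_cidrs):
    """True when every CIDR in the statement falls inside some allowed CIDR."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_cidrs]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            return False
    return bool(cidrs)


def statement_is_restricted(stmt, allowed=ALLOWED):
    """One Allow statement passes if at least one restricting attribute
    (principal, source IP, source VPC) is wholly inside the allow-list.
    Deny statements never grant access, so they always pass."""
    if stmt.get("Effect") != "Allow":
        return True
    if "NotPrincipal" in stmt:
        # Allow + NotPrincipal grants to everyone except the listed ones;
        # that can never be expressed as an allow-list of grantees.
        return False

    principal = stmt.get("Principal", {})
    if principal == "*":
        principal = {"AWS": "*"}
    aws = set(_as_list(principal.get("AWS")))          # exact-string match
    service = set(_as_list(principal.get("Service")))
    federated = set(_as_list(principal.get("Federated")))

    ips, vpcs = [], []
    for _operator, keys in stmt.get("Condition", {}).items():
        for key, values in keys.items():
            if key.lower() == "aws:sourceip":
                ips.extend(_as_list(values))
            elif key.lower() == "aws:sourcevpc":
                vpcs.extend(_as_list(values))

    # "*" is never on an allow-list, so a public principal only passes
    # when an IP or VPC condition narrows it to allowed sources.
    checks = [
        bool(aws) and "*" not in aws and aws <= allowed["awsPrincipals"],
        bool(service) and service <= allowed["servicePrincipals"],
        bool(federated) and federated <= allowed["federatedUsers"],
        bool(ips) and _ips_allowed(ips, allowed["ipAddresses"]),
        bool(vpcs) and set(vpcs) <= allowed["vpcIds"],
    ]
    return any(checks)


def evaluate_bucket_policy(policy_json, allowed=ALLOWED):
    """No policy -> COMPLIANT. Otherwise every statement is evaluated on
    its own; returns (verdict, Sids of the statements that fail)."""
    if policy_json is None:
        return "COMPLIANT", []
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    offending = [s.get("Sid", f"statement-{i}")
                 for i, s in enumerate(_as_list(policy.get("Statement")))
                 if not statement_is_restricted(s, allowed)]
    return ("NON_COMPLIANT" if offending else "COMPLIANT"), offending


# Constructed sample policy: two restricted grants, one public grant
# narrowed to an allowed CIDR, one grant to an account outside the list.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/BackupRole"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OfficeNetwork", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/25"}}},
        {"Sid": "PartnerAccount", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    print(evaluate_bucket_policy(None))            # no policy: COMPLIANT
    print(evaluate_bucket_policy(SAMPLE_POLICY))   # flags only PartnerAccount
```

In practice the policy document would come from `aws s3api get-bucket-policy --bucket <name>` (the `Policy` field is the JSON string this function accepts), and the offending Sids tell you which statements to tighten. Only if nothing in the policy is worth keeping should you fall back to `aws s3api delete-bucket-policy --bucket <name>`, which is the blanket remediation described above.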


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
