Checks if your Amazon S3 buckets do not allow public read access. The rule checks the Block Public Access settings, the bucket policy, and the bucket access control list (ACL).
The rule is compliant when both of the following are true:
The Block Public Access setting restricts public policies or the bucket policy does not allow public read access.
The Block Public Access setting restricts public ACLs or the bucket ACL does not allow public read access.
The rule is noncompliant when:
If the Block Public Access setting does not restrict public policies, AWS Config evaluates whether the policy allows public read access. If the policy allows public read access, the rule is noncompliant.
If the Block Public Access setting does not restrict public bucket ACLs, AWS Config evaluates whether the bucket ACL allows public read access. If the bucket ACL allows public read access, the rule is noncompliant.
To be considered non-public, an S3 bucket policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: Variables.
Identifier: S3_BUCKET_PUBLIC_READ_PROHIBITED
Resource Types: AWS::S3::Bucket
Trigger type: Configuration changes and Periodic
AWS Region: All supported AWS regions
Parameters:
AWS CloudFormation templateTo create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4