An AWS Config rule that checks that the access granted by an Amazon S3 bucket policy is restricted to the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide. The rule is COMPLIANT if a bucket policy is not present.

This Config rule supports the following parameters:

  • awsPrincipals
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of principals such as IAM user ARNs, IAM role ARNs, and AWS accounts
  • servicePrincipals
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of service principals
  • federatedUsers
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of identity providers for web identity federation, such as Amazon Cognito and SAML identity providers
  • ipAddresses
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of CIDR-formatted IP addresses
  • vpcIds
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of Amazon Virtual Private Cloud (Amazon VPC) IDs

CloudFormation resource type: AWS::Config::ConfigRule
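The following Python script builds the AWS::Config::ConfigRule resource for this rule and sanity-checks the parameter values before they are deployed. It is an added example, not code from the original page or from AWS: it assumes the AWS managed rule identifier S3_BUCKET_POLICY_GRANTEE_CHECK, and the validation patterns plus every ARN, account ID, CIDR and VPC ID in it are constructed sample values rather than AWS's own validation. The check matters because each parameter is a free-form CSV string: a mistyped grantee either produces spurious NON_COMPLIANT findings or allow-lists the wrong account or network, and Config will not tell you which. Keep in mind the page's note that a bucket without any policy is COMPLIANT, so this rule only evaluates grantees in bucket policies.

```python
"""Build and sanity-check an AWS::Config::ConfigRule resource for the
s3-bucket-policy-grantee-check managed rule (added example, not AWS code).

Assumptions: the managed rule identifier is S3_BUCKET_POLICY_GRANTEE_CHECK
and CloudFormation accepts InputParameters as a JSON object. The regexes
below are a pre-deployment sanity check written for this example.
"""
import ipaddress
import json
import re

MANAGED_RULE_IDENTIFIER = "S3_BUCKET_POLICY_GRANTEE_CHECK"  # assumed AWS identifier

# Constructed patterns for the parameter kinds listed on the page.
_ARN_OR_ACCOUNT = re.compile(r"^(arn:aws[a-z-]*:iam::\d{12}:(user|role)/.+|\d{12})$")
_SERVICE_PRINCIPAL = re.compile(r"^[a-z0-9.-]+\.amazonaws\.com$")
_VPC_ID = re.compile(r"^vpc-[0-9a-f]{8,17}$")

# Parameter names exactly as the rule expects them (Type: CSV for all five).
PARAMETER_NAMES = ("awsPrincipals", "servicePrincipals", "federatedUsers",
                   "ipAddresses", "vpcIds")


def validate_parameters(aws_principals=(), service_principals=(),
                        federated_users=(), ip_addresses=(), vpc_ids=()):
    """Return a list of human-readable problems; an empty list means all entries look sane."""
    problems = []
    for p in aws_principals:
        if not _ARN_OR_ACCOUNT.match(p):
            problems.append(f"awsPrincipals: {p!r} is not an IAM user/role ARN or 12-digit account ID")
    for s in service_principals:
        if not _SERVICE_PRINCIPAL.match(s):
            problems.append(f"servicePrincipals: {s!r} does not look like a *.amazonaws.com service principal")
    for f in federated_users:
        if not f.strip():
            problems.append("federatedUsers: empty entry")
    for cidr in ip_addresses:
        try:
            # strict=True rejects host bits set in the prefix (e.g. 10.0.0.1/24),
            # which almost always means the author meant /32 or a different prefix.
            ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"ipAddresses: {cidr!r} is not a CIDR-formatted address")
    for v in vpc_ids:
        if not _VPC_ID.match(v):
            problems.append(f"vpcIds: {v!r} is not a VPC ID")
    return problems


def build_config_rule(rule_name, aws_principals=(), service_principals=(),
                      federated_users=(), ip_addresses=(), vpc_ids=()):
    """Return the CloudFormation resource as a dict, or raise ValueError on bad input."""
    problems = validate_parameters(aws_principals, service_principals,
                                   federated_users, ip_addresses, vpc_ids)
    if problems:
        raise ValueError("; ".join(problems))

    # Only emit parameters that were actually supplied; each is a CSV string.
    supplied = zip(PARAMETER_NAMES, (aws_principals, service_principals,
                                     federated_users, ip_addresses, vpc_ids))
    input_parameters = {name: ",".join(values) for name, values in supplied if values}

    return {
        "Type": "AWS::Config::ConfigRule",
        "Properties": {
            "ConfigRuleName": rule_name,
            # The rule evaluates bucket policies, so scope it to S3 buckets.
            "Scope": {"ComplianceResourceTypes": ["AWS::S3::Bucket"]},
            "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_RULE_IDENTIFIER},
            "InputParameters": input_parameters,
        },
    }


def render_template(rule_name, **params):
    """Wrap the resource in a minimal CloudFormation template and return it as JSON."""
    template = {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {"S3BucketPolicyGranteeCheck": build_config_rule(rule_name, **params)},
    }
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    # Constructed sample values: a deploy role and account in our own
    # organisation, a corporate egress range, and one VPC.
    print(render_template(
        "s3-bucket-policy-grantee-check",
        aws_principals=["arn:aws:iam::123456789012:role/Deploy", "123456789012"],
        ip_addresses=["198.51.100.0/24"],
        vpc_ids=["vpc-0123456789abcdef0"],
    ))
```

Run it once with intentionally bad input (for example `ip_addresses=["10.0.0.1/24"]`) to see the validator refuse the template rather than deploy a grantee list that does not mean what was intended.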