A Config rule that checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide. The rule is COMPLIANT if a bucket policy is not present.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: s3-bucket-policy-grantee-check
      Description: >-
        A Config rule that checks that the access granted by the Amazon S3
        bucket is restricted by any of the AWS principals, federated users,
        service principals, IP addresses, or VPCs that you provide. The rule is
        COMPLIANT if a bucket policy is not present.
      Scope:
        ComplianceResourceTypes:
          - 'AWS::S3::Bucket'
      InputParameters:
        # federatedUsers takes a comma-separated list of federated-user ARNs.
        # The value below is a labelled placeholder (the source had the
        # leftover value '3600', which is not a federated-user identifier);
        # replace it with the identities you actually want to allow.
        federatedUsers: 'arn:aws:sts::111122223333:federated-user/PLACEHOLDER'
      Source:
        Owner: AWS
        SourceIdentifier: S3_BUCKET_POLICY_GRANTEE_CHECK
Parameters: {}
Metadata: {}
Conditions: {}
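To see what this rule is checking before you deploy it, here is an added example (not AWS's implementation, and not part of the template above) that approximates the rule's verdict locally: it parses a bucket policy, and for every Allow statement checks that the principals it names are all on your allow-list, or that an aws:SourceIp / aws:SourceVpc condition pins it to an allowed value. The sample policy, account id and VPC id are constructed for illustration.

```python
import json

# Constructed sample bucket policy (not from the page): one statement grants an
# account principal, the other a service principal restricted to a VPC.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0abc123"}}},
    ],
})


def _as_list(value):
    # Policy JSON allows a scalar or a list in most positions; normalise to a list.
    return value if isinstance(value, list) else [value]


def statement_restricted(stmt, allowed):
    """True if one Allow statement only reaches grantees in `allowed`: every
    principal it names is allowed, or it carries an aws:SourceIp / aws:SourceVpc
    condition whose value is allowed (a simplified reading of the rule)."""
    principal = stmt.get("Principal", {})
    names = ["*"] if principal == "*" else [
        n for kind in ("AWS", "Federated", "Service")
        for n in _as_list(principal.get(kind, []))]
    if names and all(n in allowed for n in names):
        return True
    for operator_values in stmt.get("Condition", {}).values():
        for key in ("aws:SourceIp", "aws:SourceVpc"):
            if any(v in allowed for v in _as_list(operator_values.get(key, []))):
                return True
    return False


def evaluate(policy_json, allowed):
    """Approximate the rule's verdict: COMPLIANT when the bucket has no policy,
    otherwise COMPLIANT only if every Allow statement is restricted to `allowed`."""
    if policy_json is None:
        return "COMPLIANT"
    allowed = set(allowed)
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") == "Allow" and not statement_restricted(stmt, allowed):
            return "NON_COMPLIANT"
    return "COMPLIANT"
```

Feed `allowed` the same values you would put in the rule's input parameters (awsPrincipals, federatedUsers, servicePrincipals, ipAddresses, vpcIds) to preview which buckets will be flagged.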
Configuration Source: AWS Documentation