Overview

A Config rule that checks whether the S3 bucket policy denies the S3:PutObject requests that are not encrypted using AES-256 or AWS KMS.

Configuration Templates

Items
1
Size
0.6 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: s3-bucket-server-side-encryption-enabled
      Description: >-
        A Config rule that checks whether the S3 bucket policy denies the
        S3:PutObject requests that are not encrypted using AES-256 or AWS KMS.
      Scope:
        ComplianceResourceTypes:
          - 'AWS::S3::Bucket'
      Source:
        Owner: AWS
        SourceIdentifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Cf Template

Rule Parameters

No rule paramters
 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: