Configuration to create an S3 bucket with security configuration options including encryption, logging, and versioning.

A policy that allows IAM users to access their own home directory in S3. The home directory is a bucket that includes a home folder and folders for individual users (Programmatically and in the Console).

A policy that limits managing an S3 bucket by allowing all S3 actions on the specific bucket, but explicitly denying access to every AWS service except Amazon S3. This policy also denies access to actions that ca...

A policy that allows Read and Write access to a specific S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

A policy that allows Read and Write access to a specific S3 bucket. This policy also provides the permissions necessary to complete this action on the console.

A policy that allows Read access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

A policy that allows write access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

A policy that denies any access to the S3 bucket that is not encrypted in-transit (uses HTTP instead of HTTPS).

A policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the buck...

A policy that grants permissions to any user to perform any Amazon S3 operations on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.

A policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages.

A policy that denies any Amazon S3 operation on the bucket if the request is not MFA authenticated.

A policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access i...

A policy that grants the s3:GetObject permission to any public anonymous user.

A CloudWatch Alarm that triggers when changes are made to an S3 Bucket.

Detect changes to S3 bucket policies and publishes change events to an SNS topic for notification.

Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).

Checks whether logging is enabled for your S3 buckets.

Checks that your Amazon S3 buckets do not allow public read access. If an Amazon S3 bucket policy or bucket ACL allows public read access, the bucket is noncompliant.

Checks that your Amazon S3 buckets do not allow public write access. If an Amazon S3 bucket policy or bucket ACL allows public write access, the bucket is noncompliant.

Checks whether the S3 bucket policy denies the S3:PutObject requests that are not encrypted using AES-256 or AWS KMS.

Checks whether versioning is enabled for your S3 buckets. Optionally, the rule checks if MFA delete is enabled for your S3 buckets.

A Config rule that verifies that your Amazon S3 bucket policies do not allow other inter-account permissions that the control S3 bucket policy that you provide.

A config rule that checks that the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts. F...