beta
Home
What's New
FAQ
No Items in Stack
Browse
beta
Home
No Items in Stack
Browse

Security Control

Config Rules
CloudWatch Alarms & Rules
IAM Policies
S3 Bucket Policies
Security Groups & NACLs
Service Control Policies

Domain

VPC
S3
EC2
IAM
DynamoDB
RDS
Logging & Monitoring
Amazon GuardDuty
Amazon Inspector
KMS
Billing and Cost

Configuration Packages

Enable Logging Services
Deploy Amazon VPC
Compliance and Monitoring
VPC and Network Monitoring
S3 Security
Network Activity Monitoring

Solutions, Guides & Tools

Security Solutions
Security Tools
Close

S3 Security

AWS security controls to help protect Amazon S3. Controls include IAM policies, S3 bucket policies, Config rules, and CloudWatch events and alarms.

ConfigurationSolutions & Tools
30/30
FILTERS
 
Configuration Type
S3IAM PolicyS3 Bucket PolicyCloudWatch AlarmsCloudWatch EventsConfig RuleService Control Policy
IAM Policy
Allows IAM Users Access to Their S3 Home Directory
S3
A policy that allows IAM users to access their own home directory in S3. The home directory is a bucket that includes a home folder and folders for individual users (Programmatically and in the Console).
2 Tags
Limits Managing to a Specific S3 Bucket and Denies All Other Actions
S3
A policy that limits managing an S3 bucket by allowing all S3 actions on the specific bucket, but explicitly denying access to every AWS service except Amazon S3. This policy also denies access to actions that ca...
1 Tag
Allows Read and Write Access to a Specific S3 Bucket
S3
A policy that allows Read and Write access to a specific S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
1 Tag
Allows Read and Write Access to a Specific S3 Bucket, Programmatically and in the Console.
S3
A policy that allows Read and Write access to a specific S3 bucket. This policy also provides the permissions necessary to complete this action on the console.
2 Tags
Allow users to read objects in a portion of the S3 bucket.
S3
A policy that allows Read access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
1 Tag
Allow users to only drop files to a specific folder within an S3 bucket.
S3
A policy that allows write access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
1 Tag
S3 Bucket Policy
Require SSL (encryption in-transit) to access the S3 Bucket.
S3
A policy that denies any access to the S3 bucket that is not encrypted in-transit (uses HTTP instead of HTTPS).
2 Tags
Prevent S3 Buckets and Objects from Allowing Public Access
S3
A policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the buck...
2 Tags
Restrict Access to Specific IP Addresses
S3
A policy that grants permissions to any user to perform any Amazon S3 operations on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.
1 Tag
Restricting Access to a Specific HTTP Referrer
S3
A policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages.
0 Tags
Require MFA for Bucket Access
S3
A policy that denies any Amazon S3 operation on the bucket if the request is not MFA authenticated.
3 Tags
Restrict S3 bucket read access to a Cloudfront origin
S3
A policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access i...
2 Tags
Grant Read-Only Permission to any Anonymous User
S3
A policy that grants the s3:GetObject permission to any public anonymous user.
1 Tag
Grant AWS Config access to the Amazon S3 Bucket
S3
An S3 Bucket policy grants access to AWS Config to store its history files and snapshots on the S3 bucket.
2 Tags
Grant AWS CloudTrail access to the Amazon S3 Bucket
S3
An S3 Bucket policy grants access to AWS CloudTrail to deliver log files to the S3 bucket.
2 Tags
Grant AWS CloudTrail and AWS Config access to the Amazon S3 Bucket
S3
An S3 Bucket policy grants access to AWS Config and AWS CloudTrail to deliver log files to the S3 bucket.
3 Tags
Config Rule
s3-bucket-ssl-requests-only
S3
Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).
1 Tag
s3-bucket-logging-enabled
S3
Checks whether logging is enabled for your S3 buckets.
0 Tags
s3-bucket-public-read-prohibited
S3
Checks that your Amazon S3 buckets do not allow public read access. If an Amazon S3 bucket policy or bucket ACL allows public read access, the bucket is noncompliant.
0 Tags
s3-bucket-public-write-prohibited
S3
Checks that your Amazon S3 buckets do not allow public write access. If an Amazon S3 bucket policy or bucket ACL allows public write access, the bucket is noncompliant.
0 Tags
s3-bucket-server-side-encryption-enabled
S3
Checks whether the S3 bucket policy denies the S3:PutObject requests that are not encrypted using AES-256 or AWS KMS.
1 Tag
s3-bucket-versioning-enabled
S3
Checks whether versioning is enabled for your S3 buckets. Optionally, the rule checks if MFA delete is enabled for your S3 buckets.
0 Tags
s3-bucket-policy-not-more-permissive
S3
A Config rule that verifies that your Amazon S3 bucket policies do not allow other inter-account permissions that the control S3 bucket policy that you provide.
0 Tags
s3-blacklisted-actions-prohibited
S3
A config rule that checks that the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts. F...
0 Tags
s3-bucket-policy-grantee-check
S3
A Config rule that checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide. The rule is COMPL...
0 Tags
s3-bucket-replication-enabled
S3
A Config rule that checks whether S3 buckets have cross-region replication enabled.
0 Tags