Control: AWS > CIS v1.4 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure all data in Amazon S3 has been discovered, classified and secured when required. (Manual)

Configures auditing against a CIS Benchmark item.

Level: 2 (Not Scored)

Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.

Resource Types

This control targets the following resource types:

AWS > S3 > Bucket

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv1-4#/control/types/r020104

Category URI

tmod:@turbot/cis#/control/categories/v070501

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv1-4#/control/types/r020104") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv1-4#/control/types/r020104'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1-4#/control/types/r020104"