Control: AWS > S3 > Bucket > ACL > Trusted Access

Take an action when AWS S3 Bucket ACL is not trusted based on the AWS > S3 > Bucket > ACL > Trusted Access > * policies.

The ACL Trusted Access control evaluates the Bucket ACL against the list of allowed grantees in the ACL Trusted Access sub-policies - ACL > Trusted Access > Canonical IDs - ACL > Trusted Access > Groups

This control raises an alarm and takes the defined enforcement action. If set to Enforce: Revoke untrusted access, access to non-trusted grantees will be removed.

Resource Types

This control targets the following resource types:

AWS > S3 > Bucket

Policies

The following policies can be used to configure this control:

AWS > S3 > Bucket > ACL > Trusted Access

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

s3:PutBucketAcl

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-s3#/control/types/bucketAclTrustedAccess

Category URI

tmod:@turbot/turbot#/control/categories/securityTrustedAccess

GraphQL

query controlType(id: "tmod:@turbot/aws-s3#/control/types/bucketAclTrustedAccess") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-s3#/control/types/bucketAclTrustedAccess'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-s3#/control/types/bucketAclTrustedAccess"