Control: AWS > S3 > Bucket > Policy > Trusted Access
Take an action when AWS S3 bucket policy is not trusted based on the AWS > S3 > Bucket > Policy > Trusted Access > * policies.
The Trusted Access control evaluates the bucket policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.
The account that owns the bucket will always be trusted, even if its account ID is not included in the Trusted Accounts policy.
If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.
Resource Types
This control targets the following resource types:
Policies
The following policies can be used to configure this control:
This control type relies on these other policies when running actions:
- AWS > S3 > Bucket > CMDB
- AWS > S3 > Bucket > Policy > Trusted Access > Accounts
- AWS > S3 > Bucket > Policy > Trusted Access > CloudFront Origin Access Identities
- AWS > S3 > Bucket > Policy > Trusted Access > Identity Providers
- AWS > S3 > Bucket > Policy > Trusted Access > Organization Path Restrictions
- AWS > S3 > Bucket > Policy > Trusted Access > Organization Restrictions
- AWS > S3 > Bucket > Policy > Trusted Access > Services
Permissions
Cloud permissions used by this control and its actions:
s3:DeleteBucketPolicys3:PutBucketPolicy
Category
In Your Workspace
Developers
- tmod:@turbot/aws-s3#/control/types/bucketPolicyTrustedAccess
- tmod:@turbot/turbot#/control/categories/securityTrustedAccess
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-s3#/control/types/bucketPolicyTrustedAccess"
Get Controls