Mod: aws-s3

The aws-s3 mod consists of 3 resource types, 86 policies, 23 controls and 18 actions.

Recommended Version

Resource Types

• AWS > S3
• AWS > S3 > Account
• AWS > S3 > Bucket

Controls

• AWS > S3 > Account > CMDB
• AWS > S3 > Account > Discovery
• AWS > S3 > Account > Public Access Block
• AWS > S3 > Bucket > Access Logging
• AWS > S3 > Bucket > ACL
• AWS > S3 > Bucket > ACL > Trusted Access
• AWS > S3 > Bucket > Active
• AWS > S3 > Bucket > Approved
• AWS > S3 > Bucket > CMDB
• AWS > S3 > Bucket > Configured
• AWS > S3 > Bucket > Discovery
• AWS > S3 > Bucket > Encryption at Rest
• AWS > S3 > Bucket > Encryption in Transit
• AWS > S3 > Bucket > Intelligent Assessment
• AWS > S3 > Bucket > Policy
• AWS > S3 > Bucket > Policy > Trusted Access
• AWS > S3 > Bucket > Policy Statements
• AWS > S3 > Bucket > Policy Statements > Approved
• AWS > S3 > Bucket > Public Access Block
• AWS > S3 > Bucket > Stack [Native]
• AWS > S3 > Bucket > Tags
• AWS > S3 > Bucket > Usage
• AWS > S3 > Bucket > Versioning

IAM Roles

• AWS/S3/Admin
• AWS/S3/Metadata
• AWS/S3/Operator
• AWS/S3/ReadOnly

Quick Actions

• AWS > S3 > Account > Router
• AWS > S3 > Account > Set Public Access Block
• AWS > S3 > Bucket > Delete
• AWS > S3 > Bucket > Disable all Block Public Access settings
• AWS > S3 > Bucket > Disable Versioning
• AWS > S3 > Bucket > Enable all Block Public Access settings
• AWS > S3 > Bucket > Enable Encryption in Transit
• AWS > S3 > Bucket > Enable Versioning
• AWS > S3 > Bucket > Router
• AWS > S3 > Bucket > Set ACL Trusted Access
• AWS > S3 > Bucket > Set Encryption at Rest to AWS Managed Key
• AWS > S3 > Bucket > Set Encryption at Rest to AWS SSE
• AWS > S3 > Bucket > Set Encryption at Rest to Customer Managed Key
• AWS > S3 > Bucket > Set Encryption at Rest to None
• AWS > S3 > Bucket > Set Encryption in Transit
• AWS > S3 > Bucket > Set Policy Trusted Access
• AWS > S3 > Bucket > Set Public Access Block
• AWS > S3 > Bucket > Set Tags
• AWS > S3 > Bucket > Set Versioning
• AWS > S3 > Bucket > Skip alarm for Active control
• AWS > S3 > Bucket > Skip alarm for Active control [90 days]
• AWS > S3 > Bucket > Skip alarm for Approved control
• AWS > S3 > Bucket > Skip alarm for Approved control [90 days]
• AWS > S3 > Bucket > Skip alarm for Encryption at Rest control
• AWS > S3 > Bucket > Skip alarm for Encryption at Rest control [90 days]
• AWS > S3 > Bucket > Skip alarm for Tags control
• AWS > S3 > Bucket > Skip alarm for Tags control [90 days]
• AWS > S3 > Bucket > Update Access Logging
• AWS > S3 > Bucket > Update Default Encryption
• AWS > S3 > Bucket > Update Default Encryption at Rest
• AWS > S3 > Bucket > Update Tags

Policies

• AWS > S3 > Account > CMDB
• AWS > S3 > Account > Public Access Block
• AWS > S3 > Account > Public Access Block > Settings
• AWS > S3 > API Enabled
• AWS > S3 > Approved Regions [Default]
• AWS > S3 > Bucket > Access Logging
• AWS > S3 > Bucket > Access Logging > Bucket
• AWS > S3 > Bucket > Access Logging > Key Prefix
• AWS > S3 > Bucket > ACL
• AWS > S3 > Bucket > ACL > Trusted Access
• AWS > S3 > Bucket > ACL > Trusted Access > Canonical IDs
• AWS > S3 > Bucket > ACL > Trusted Access > Groups
• AWS > S3 > Bucket > Active
• AWS > S3 > Bucket > Active > Age
• AWS > S3 > Bucket > Active > Budget
• AWS > S3 > Bucket > Active > Last Modified
• AWS > S3 > Bucket > Approved
• AWS > S3 > Bucket > Approved > Budget
• AWS > S3 > Bucket > Approved > Custom
• AWS > S3 > Bucket > Approved > Regions
• AWS > S3 > Bucket > Approved > Usage
• AWS > S3 > Bucket > CMDB
• AWS > S3 > Bucket > Configured
• AWS > S3 > Bucket > Configured > Claim Precedence
• AWS > S3 > Bucket > Configured > Source
• AWS > S3 > Bucket > Encryption at Rest
• AWS > S3 > Bucket > Encryption at Rest > Customer Managed Key
• AWS > S3 > Bucket > Encryption in Transit
• AWS > S3 > Bucket > Intelligent Assessment
• AWS > S3 > Bucket > Intelligent Assessment > Context
• AWS > S3 > Bucket > Intelligent Assessment > User Prompt
• AWS > S3 > Bucket > Policy
• AWS > S3 > Bucket > Policy > Trusted Access
• AWS > S3 > Bucket > Policy > Trusted Access > Accounts
• AWS > S3 > Bucket > Policy > Trusted Access > CloudFront Origin Access Identities
• AWS > S3 > Bucket > Policy > Trusted Access > Identity Providers
• AWS > S3 > Bucket > Policy > Trusted Access > Organization Path Restrictions
• AWS > S3 > Bucket > Policy > Trusted Access > Organization Restrictions
• AWS > S3 > Bucket > Policy > Trusted Access > Services
• AWS > S3 > Bucket > Policy Statements
• AWS > S3 > Bucket > Policy Statements > Approved
• AWS > S3 > Bucket > Policy Statements > Approved > Encryption at Rest
• AWS > S3 > Bucket > Policy Statements > Approved > Encryption in Transit
• AWS > S3 > Bucket > Policy Statements > Approved > Rules
• AWS > S3 > Bucket > Policy Statements > Approved > Rules > Compiled Rules
• AWS > S3 > Bucket > Policy Statements > Approved > Trusted Accounts [Deprecated]
• AWS > S3 > Bucket > Policy Statements > Approved > Trusted Identity Providers [Deprecated]
• AWS > S3 > Bucket > Policy Statements > Approved > Trusted Services [Deprecated]
• AWS > S3 > Bucket > Public Access Block
• AWS > S3 > Bucket > Public Access Block > Settings
• AWS > S3 > Bucket > Regions
• AWS > S3 > Bucket > Stack [Native]
• AWS > S3 > Bucket > Stack [Native] > Drift Detection
• AWS > S3 > Bucket > Stack [Native] > Drift Detection > Interval
• AWS > S3 > Bucket > Stack [Native] > Modifier
• AWS > S3 > Bucket > Stack [Native] > Secret Variables
• AWS > S3 > Bucket > Stack [Native] > Source
• AWS > S3 > Bucket > Stack [Native] > Timeout
• AWS > S3 > Bucket > Stack [Native] > Variables
• AWS > S3 > Bucket > Stack [Native] > Version
• AWS > S3 > Bucket > Tags
• AWS > S3 > Bucket > Tags > Template
• AWS > S3 > Bucket > Usage
• AWS > S3 > Bucket > Usage > Limit
• AWS > S3 > Bucket > Versioning
• AWS > S3 > Connection Region
• AWS > S3 > Enabled
• AWS > S3 > Permissions
• AWS > S3 > Permissions > Levels
• AWS > S3 > Permissions > Levels > Access Logging Administration
• AWS > S3 > Permissions > Levels > ACL Administration
• AWS > S3 > Permissions > Levels > CORS Administration
• AWS > S3 > Permissions > Levels > Cross Replication Administration
• AWS > S3 > Permissions > Levels > Modifiers
• AWS > S3 > Permissions > Lockdown
• AWS > S3 > Permissions > Lockdown > API Boundary
• AWS > S3 > Regions
• AWS > S3 > Tags Template [Default]
• AWS > S3 > Trusted Accounts [Default]
• AWS > S3 > Trusted Identity Providers [Default]
• AWS > S3 > Trusted Organizations [Default]
• AWS > S3 > Trusted Services [Default]
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3
• AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-s3
• AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-s3
• AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-s3

Policy Packs

• AWS CIS v3.0.0 - Section 2 - Storage
• AWS CIS v3.0.0 - Section 3 - Logging
• Enforce Access Logging Is Enabled for AWS S3 Buckets
• Enforce Approved Replication Accounts for AWS S3 Buckets
• Enforce AWS S3 Buckets Use DNS-Compliant Names
• Enforce Block Public Access Is Enabled for AWS S3 Accounts
• Enforce Block Public Access Is Enabled for AWS S3 Buckets
• Enforce CloudFront Distribution for AWS S3 Buckets Is Secured
• Enforce Creator and Creation Time Tags for AWS S3 Buckets
• Enforce Encryption at Rest Is Enabled for AWS S3 Buckets
• Enforce Encryption in Transit Is Enabled for AWS S3 Buckets
• Enforce Trusted Access for ACLs on AWS S3 Buckets
• Enforce Trusted Access for Policies on AWS S3 Buckets
• Enforce Versioning Is Enabled for AWS S3 Buckets