Mod: aws-s3
The aws-s3 mod consists of 3 resource types, 86 policies, 23 controls and 18 actions.
Recommended Version
Version
5.33.1
Released On
Sep 18, 2025
Depends On
Resource Types
Controls
- AWS > S3 > Account > CMDB
- AWS > S3 > Account > Discovery
- AWS > S3 > Account > Public Access Block
- AWS > S3 > Bucket > Access Logging
- AWS > S3 > Bucket > ACL
- AWS > S3 > Bucket > ACL > Trusted Access
- AWS > S3 > Bucket > Active
- AWS > S3 > Bucket > Approved
- AWS > S3 > Bucket > CMDB
- AWS > S3 > Bucket > Configured
- AWS > S3 > Bucket > Discovery
- AWS > S3 > Bucket > Encryption at Rest
- AWS > S3 > Bucket > Encryption in Transit
- AWS > S3 > Bucket > Intelligent Assessment
- AWS > S3 > Bucket > Policy
- AWS > S3 > Bucket > Policy > Trusted Access
- AWS > S3 > Bucket > Policy Statements
- AWS > S3 > Bucket > Policy Statements > Approved
- AWS > S3 > Bucket > Public Access Block
- AWS > S3 > Bucket > Stack [Native]
- AWS > S3 > Bucket > Tags
- AWS > S3 > Bucket > Usage
- AWS > S3 > Bucket > Versioning
IAM Roles
Quick Actions
- AWS > S3 > Account > Router
- AWS > S3 > Account > Set Public Access Block
- AWS > S3 > Bucket > Delete
- AWS > S3 > Bucket > Disable all Block Public Access settings
- AWS > S3 > Bucket > Disable Versioning
- AWS > S3 > Bucket > Enable all Block Public Access settings
- AWS > S3 > Bucket > Enable Encryption in Transit
- AWS > S3 > Bucket > Enable Versioning
- AWS > S3 > Bucket > Router
- AWS > S3 > Bucket > Set ACL Trusted Access
- AWS > S3 > Bucket > Set Encryption at Rest to AWS Managed Key
- AWS > S3 > Bucket > Set Encryption at Rest to AWS SSE
- AWS > S3 > Bucket > Set Encryption at Rest to Customer Managed Key
- AWS > S3 > Bucket > Set Encryption at Rest to None
- AWS > S3 > Bucket > Set Encryption in Transit
- AWS > S3 > Bucket > Set Policy Trusted Access
- AWS > S3 > Bucket > Set Public Access Block
- AWS > S3 > Bucket > Set Tags
- AWS > S3 > Bucket > Set Versioning
- AWS > S3 > Bucket > Skip alarm for Active control
- AWS > S3 > Bucket > Skip alarm for Active control [90 days]
- AWS > S3 > Bucket > Skip alarm for Approved control
- AWS > S3 > Bucket > Skip alarm for Approved control [90 days]
- AWS > S3 > Bucket > Skip alarm for Encryption at Rest control
- AWS > S3 > Bucket > Skip alarm for Encryption at Rest control [90 days]
- AWS > S3 > Bucket > Skip alarm for Tags control
- AWS > S3 > Bucket > Skip alarm for Tags control [90 days]
- AWS > S3 > Bucket > Update Access Logging
- AWS > S3 > Bucket > Update Default Encryption
- AWS > S3 > Bucket > Update Default Encryption at Rest
- AWS > S3 > Bucket > Update Tags
Policies
- AWS > S3 > Account > CMDB
- AWS > S3 > Account > Public Access Block
- AWS > S3 > Account > Public Access Block > Settings
- AWS > S3 > API Enabled
- AWS > S3 > Approved Regions [Default]
- AWS > S3 > Bucket > Access Logging
- AWS > S3 > Bucket > Access Logging > Bucket
- AWS > S3 > Bucket > Access Logging > Key Prefix
- AWS > S3 > Bucket > ACL
- AWS > S3 > Bucket > ACL > Trusted Access
- AWS > S3 > Bucket > ACL > Trusted Access > Canonical IDs
- AWS > S3 > Bucket > ACL > Trusted Access > Groups
- AWS > S3 > Bucket > Active
- AWS > S3 > Bucket > Active > Age
- AWS > S3 > Bucket > Active > Budget
- AWS > S3 > Bucket > Active > Last Modified
- AWS > S3 > Bucket > Approved
- AWS > S3 > Bucket > Approved > Budget
- AWS > S3 > Bucket > Approved > Custom
- AWS > S3 > Bucket > Approved > Regions
- AWS > S3 > Bucket > Approved > Usage
- AWS > S3 > Bucket > CMDB
- AWS > S3 > Bucket > Configured
- AWS > S3 > Bucket > Configured > Claim Precedence
- AWS > S3 > Bucket > Configured > Source
- AWS > S3 > Bucket > Encryption at Rest
- AWS > S3 > Bucket > Encryption at Rest > Customer Managed Key
- AWS > S3 > Bucket > Encryption in Transit
- AWS > S3 > Bucket > Intelligent Assessment
- AWS > S3 > Bucket > Intelligent Assessment > Context
- AWS > S3 > Bucket > Intelligent Assessment > User Prompt
- AWS > S3 > Bucket > Policy
- AWS > S3 > Bucket > Policy > Trusted Access
- AWS > S3 > Bucket > Policy > Trusted Access > Accounts
- AWS > S3 > Bucket > Policy > Trusted Access > CloudFront Origin Access Identities
- AWS > S3 > Bucket > Policy > Trusted Access > Identity Providers
- AWS > S3 > Bucket > Policy > Trusted Access > Organization Path Restrictions
- AWS > S3 > Bucket > Policy > Trusted Access > Organization Restrictions
- AWS > S3 > Bucket > Policy > Trusted Access > Services
- AWS > S3 > Bucket > Policy Statements
- AWS > S3 > Bucket > Policy Statements > Approved
- AWS > S3 > Bucket > Policy Statements > Approved > Encryption at Rest
- AWS > S3 > Bucket > Policy Statements > Approved > Encryption in Transit
- AWS > S3 > Bucket > Policy Statements > Approved > Rules
- AWS > S3 > Bucket > Policy Statements > Approved > Rules > Compiled Rules
- AWS > S3 > Bucket > Policy Statements > Approved > Trusted Accounts [Deprecated]
- AWS > S3 > Bucket > Policy Statements > Approved > Trusted Identity Providers [Deprecated]
- AWS > S3 > Bucket > Policy Statements > Approved > Trusted Services [Deprecated]
- AWS > S3 > Bucket > Public Access Block
- AWS > S3 > Bucket > Public Access Block > Settings
- AWS > S3 > Bucket > Regions
- AWS > S3 > Bucket > Stack [Native]
- AWS > S3 > Bucket > Stack [Native] > Drift Detection
- AWS > S3 > Bucket > Stack [Native] > Drift Detection > Interval
- AWS > S3 > Bucket > Stack [Native] > Modifier
- AWS > S3 > Bucket > Stack [Native] > Secret Variables
- AWS > S3 > Bucket > Stack [Native] > Source
- AWS > S3 > Bucket > Stack [Native] > Timeout
- AWS > S3 > Bucket > Stack [Native] > Variables
- AWS > S3 > Bucket > Stack [Native] > Version
- AWS > S3 > Bucket > Tags
- AWS > S3 > Bucket > Tags > Template
- AWS > S3 > Bucket > Usage
- AWS > S3 > Bucket > Usage > Limit
- AWS > S3 > Bucket > Versioning
- AWS > S3 > Connection Region
- AWS > S3 > Enabled
- AWS > S3 > Permissions
- AWS > S3 > Permissions > Levels
- AWS > S3 > Permissions > Levels > Access Logging Administration
- AWS > S3 > Permissions > Levels > ACL Administration
- AWS > S3 > Permissions > Levels > CORS Administration
- AWS > S3 > Permissions > Levels > Cross Replication Administration
- AWS > S3 > Permissions > Levels > Modifiers
- AWS > S3 > Permissions > Lockdown
- AWS > S3 > Permissions > Lockdown > API Boundary
- AWS > S3 > Regions
- AWS > S3 > Tags Template [Default]
- AWS > S3 > Trusted Accounts [Default]
- AWS > S3 > Trusted Identity Providers [Default]
- AWS > S3 > Trusted Organizations [Default]
- AWS > S3 > Trusted Services [Default]
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-s3
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-s3
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-s3
Policy Packs
- AWS CIS v3.0.0 - Section 2 - Storage
- AWS CIS v3.0.0 - Section 3 - Logging
- Enforce Access Logging Is Enabled for AWS S3 Buckets
- Enforce Approved Replication Accounts for AWS S3 Buckets
- Enforce AWS S3 Buckets Use DNS-Compliant Names
- Enforce Block Public Access Is Enabled for AWS S3 Accounts
- Enforce Block Public Access Is Enabled for AWS S3 Buckets
- Enforce CloudFront Distribution for AWS S3 Buckets Is Secured
- Enforce Creator and Creation Time Tags for AWS S3 Buckets
- Enforce Encryption at Rest Is Enabled for AWS S3 Buckets
- Enforce Encryption in Transit Is Enabled for AWS S3 Buckets
- Enforce Trusted Access for ACLs on AWS S3 Buckets
- Enforce Trusted Access for Policies on AWS S3 Buckets
- Enforce Versioning Is Enabled for AWS S3 Buckets