Policy: AWS > CIS v1.4 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure all data in Amazon S3 has been discovered, classified and secured when required. (Manual)

Configures auditing against a CIS Benchmark item.

Level: 2 (Not Scored)

Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.

Resource Types

This policy targets the following resource types:

AWS > S3 > Bucket

Primary Policy

This policy is used with the following primary policy:

AWS > CIS v1.4 > 2 - Storage > 2.01 - Simple Storage Service (S3)

Attestation

Controls

Policy Specification

Schema Type	`string`
Default	`Per AWS > CIS v1.4 > 2 - Storage using attestation`
Valid Values [YAML]	`Per AWS > CIS v1.4 > 2 - Storage using attestation` `Skip` `Check: Level 2 (Not Scored) using attestation`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v070501

Policy Type URI

tmod:@turbot/aws-cisv1-4#/policy/types/r020104

GraphQL

query policyType(id: "tmod:@turbot/aws-cisv1-4#/policy/types/r020104") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-cisv1-4#/policy/types/r020104'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-cisv1-4#/policy/types/r020104'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-cisv1-4#/policy/types/r020104"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv1-4#/policy/types/r020104"