Policy: AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required

Configures auditing against a CIS Benchmark item.

Level: 2

Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.

Resource Types

This policy targets the following resource types:

AWS > S3 > Bucket

Primary Policy

This policy is used with the following primary policy:

AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)

Attestation

Controls

Policy Specification

Schema Type	`string`
Default	`Per AWS > CIS v2.0 > 2 - Storage`
Valid Values [YAML]	`Per AWS > CIS v2.0 > 2 - Storage` `Skip` `Check: Benchmark using attestation`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v070501

Policy Type URI

tmod:@turbot/aws-cisv2-0#/policy/types/r020103

GraphQL

query policyType(id: "tmod:@turbot/aws-cisv2-0#/policy/types/r020103") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-cisv2-0#/policy/types/r020103'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-cisv2-0#/policy/types/r020103'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-cisv2-0#/policy/types/r020103"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv2-0#/policy/types/r020103"