ServiceNow CMDB CI relationship sync: faster, more complete →
Turbot Guardrails Hub 
Hub
Mods
AWS
172
Mods
431
Resource Types
6,718
Policies
2,323
Controls
1,637
Quick Actions
528
IAM

Policy: AWS > S3 > Bucket > Encryption at Rest

Define the Encryption at Rest settings required for AWS > S3 > Bucket.

Encryption at Rest refers specifically to the encryption of data when written to an underlying storage system. This control determines whether the resource is encrypted at rest, and sets encryption to your desired level.

The Encryption at Rest control compares the encryption settings against the encryption policies for the resource (AWS > S3 > Bucket > Encryption at Rest > *), raises an alarm, and takes the defined enforcement action.

Note: The below policy values are deprecated and will be removed in the next major mod version because they are no longer supported by AWS.

| Deprecated Values |
|-------------------------------------|
| Check: None |
| Check: None or higher |
| Enforce: None |
| Enforce: None or higher |

Resource Types

This policy targets the following resource types:

Controls

Policy Packs

This policy setting is used by the following policy packs:

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • Check: None

  • Check: None or higher

  • Check: AWS SSE

  • Check: AWS SSE or higher

  • Check: AWS managed key

  • Check: AWS managed key or higher

  • Check: Customer managed key

  • Check: Encryption at Rest > Customer Managed Key

  • Enforce: None

  • Enforce: None or higher

  • Enforce: AWS SSE

  • Enforce: AWS SSE or higher

  • Enforce: AWS managed key

  • Enforce: AWS managed key or higher

  • Enforce: Customer managed key

  • Enforce: Encryption at Rest > Customer Managed Key
Examples [YAML]
  • Check: None or higher

Category

In Your Workspace

Developers