Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > S3 > Bucket > Policy > Trusted Access

Take an action when AWS S3 bucket policy is not trusted based on the AWS > S3 > Bucket > Policy > Trusted Access > * policies.

The Trusted Access control evaluates the bucket policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.

The account that owns the bucket will always be trusted, even if its account ID is not included in the Trusted Accounts policy.

If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.

Targets

This policy targets the following resource types:

  • AWS > S3 > Bucket

Primary Policy

This policy is used with the following primary policy:

  • AWS > S3 > Bucket > Policy

Related Policies

  • Accounts
  • CloudFront Origin Access Identities
  • Identity Providers
  • Organization Path Restrictions
  • Organization Restrictions
  • Services

Controls

Setting this policy configures this control:

  • AWS > S3 > Bucket > Policy > Trusted Access

Policy Packs

This policy setting is used by the following policy packs:

  • Enforce Trusted Access for Policies on AWS S3 Buckets

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • Check: Trusted Access

  • Enforce: Revoke untrusted access

Category

  • Security > Trusted Access

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/securityTrustedAccess
    • Policy Type URI
    • tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM