Compliance Controls
List of available controls:
- S3 bucket ACLs should not be accessible to all authenticated users (s3_bucket_not_accessible_to_all_authenticated_user)
- S3 bucket cross-account permissions should be restricted (s3_bucket_policy_restricts_cross_account_permission_changes)
- S3 bucket cross-region replication should be enabled (s3_bucket_cross_region_replication_enabled)
- S3 bucket default encryption should be enabled (s3_bucket_default_encryption_enabled)
- S3 bucket default encryption should be enabled with KMS (s3_bucket_default_encryption_enabled_kms)
- S3 bucket logging should be enabled (s3_bucket_logging_enabled)
- S3 bucket MFA delete should be enabled (s3_bucket_mfa_delete_enabled)
- S3 bucket object lock should be enabled (s3_bucket_object_lock_enabled)
- S3 bucket policy should prohibit public access (s3_bucket_policy_restrict_public_access)
- S3 bucket versioning should be enabled (s3_bucket_versioning_enabled)
- S3 buckets access control lists (ACLs) should not be used to manage user access to buckets (s3_bucket_acls_should_prohibit_user_access)
- S3 buckets should enforce SSL (s3_bucket_enforces_ssl)
- S3 buckets should have event notifications enabled (s3_bucket_event_notifications_enabled)
- S3 buckets should have lifecycle policies configured (s3_bucket_lifecycle_policy_enabled)
- S3 buckets should prohibit public read access (s3_bucket_restrict_public_read_access)
- S3 buckets should prohibit public write access (s3_bucket_restrict_public_write_access)
- S3 buckets static website hosting should be disabled (s3_bucket_static_website_hosting_disabled)
- S3 buckets with versioning enabled should have lifecycle policies configured (s3_bucket_versioning_and_lifecycle_policy_enabled)
- S3 public access should be blocked at account level (s3_public_access_block_account)
- S3 public access should be blocked at bucket level (s3_public_access_block_bucket)
- VPC Security groups should only allow unrestricted incoming traffic for authorized ports (vpc_security_group_allows_ingress_authorized_ports)