Benchmark: 2.1 Simple Storage Service (S3)
Overview
This section contains recommendations for configuring AWS Simple Storage Service (S3) Buckets.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 2.1 Simple Storage Service (S3).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_v300_2_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_v300_2_1 --shareControls
- 2.1.1 Ensure S3 Bucket Policy is set to deny HTTP requests
- 2.1.2 Ensure MFA Delete is enabled on S3 buckets
- 2.1.3 Ensure all data in Amazon S3 has been discovered, classified and secured when required
- 2.1.4 Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'