Control: 11 S3 buckets should have event notifications enabled
Description
This control checks whether S3 Event Notifications are enabled on an Amazon S3 bucket. This control fails if S3 Event Notifications are not enabled on a bucket.
By enabling Event Notifications, you receive alerts on your Amazon S3 buckets when specific events occur. For example, you can be notified of object creation, object removal, and object restoration. These notifications can alert relevant teams to accidental or intentional modifications that may lead to unauthorized data access.
Remediation
For more information on detecting changes to S3 buckets and objects, see Amazon S3 Event Notifications in the Amazon S3 User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_s3_11
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_s3_11 --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when
      event_notification_configuration ->> 'EventBridgeConfiguration' is null
      and event_notification_configuration ->> 'LambdaFunctionConfigurations' is null
      and event_notification_configuration ->> 'QueueConfigurations' is null
      and event_notification_configuration ->> 'TopicConfigurations' is null then 'alarm'
    else 'ok'
  end as status,
  case
    when
      event_notification_configuration ->> 'EventBridgeConfiguration' is null
      and event_notification_configuration ->> 'LambdaFunctionConfigurations' is null
      and event_notification_configuration ->> 'QueueConfigurations' is null
      and event_notification_configuration ->> 'TopicConfigurations' is null then title || ' event notifications disabled.'
    else title || ' event notifications enabled.'
  end as reason,
  region,
  account_id
from
  aws_s3_bucket;
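The status logic of that query, re-implemented here as an added Python example (not Powerpipe's or Steampipe's own code) so it can be run offline against rows shaped like the aws_s3_bucket table; the bucket names, ARNs and account id below are constructed, and the `EventBridgeConfiguration: {}` row shows the edge case where an empty object still counts as "enabled", exactly as the SQL's `is null` tests treat it.

```python
# Added example: mirrors the control's SQL evaluation in Python. A row's
# event_notification_configuration holds the GetBucketNotificationConfiguration
# response as JSON (None when the column is null). Sample rows are constructed.

# The four keys the control inspects. Any one present counts as enabled, even an
# empty EventBridgeConfiguration object, which is how EventBridge delivery appears.
NOTIFICATION_KEYS = (
    "EventBridgeConfiguration",
    "LambdaFunctionConfigurations",
    "QueueConfigurations",
    "TopicConfigurations",
)


def json_text(config, key):
    """Mimic PostgreSQL's ->> operator: None for a null column or a missing key."""
    if config is None or key not in config:
        return None
    return config[key]  # non-null even when the value is {} or []


def evaluate_bucket(row):
    """Return the resource/status/reason record the control emits for one bucket."""
    config = row.get("event_notification_configuration")
    enabled = any(json_text(config, key) is not None for key in NOTIFICATION_KEYS)
    state = "enabled" if enabled else "disabled"
    return {
        "resource": row["arn"],
        "status": "ok" if enabled else "alarm",
        "reason": f"{row['title']} event notifications {state}.",
        "region": row["region"],
        "account_id": row["account_id"],
    }


def run_control(rows):
    return [evaluate_bucket(row) for row in rows]


# Constructed sample rows (hypothetical account 123456789012), one per case.
SAMPLE_ROWS = [
    {"arn": "arn:aws:s3:::logs-archive", "title": "logs-archive", "region": "us-east-1",
     "account_id": "123456789012", "event_notification_configuration": None},
    {"arn": "arn:aws:s3:::uploads", "title": "uploads", "region": "us-east-1",
     "account_id": "123456789012",
     "event_notification_configuration": {"EventBridgeConfiguration": {}}},
    {"arn": "arn:aws:s3:::backups", "title": "backups", "region": "eu-west-1",
     "account_id": "123456789012",
     "event_notification_configuration": {"TopicConfigurations": [
         {"TopicArn": "arn:aws:sns:eu-west-1:123456789012:s3-changes",
          "Events": ["s3:ObjectRemoved:*"]}]}},
]

if __name__ == "__main__":
    for result in run_control(SAMPLE_ROWS):
        print(f"{result['status']:5} {result['reason']}")
```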