Control: 13 S3 buckets should have lifecycle policies configured
Description
This control checks if a lifecycle policy is configured for an Amazon S3 bucket. This control fails if a lifecycle policy is not configured for an S3 bucket.
Configuring lifecycle rules on your S3 bucket defines actions that you want S3 to take during an object's lifetime. For example, you can transition objects to another storage class, archive them, or delete them after a specified period of time.
Remediation
For information about configuring lifecycle policies on an Amazon S3 bucket, see Setting lifecycle configuration on a bucket and see Managing your storage lifecycle in the Amazon S3 User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_s3_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_s3_13 --share
SQL
This control uses a named query:
with lifecycle_rules_enabled as (
  -- one row per bucket that has at least one rule with Status = 'Enabled';
  -- distinct keeps a bucket with several enabled rules from producing duplicate result rows
  select distinct
    arn
  from
    aws_s3_bucket,
    jsonb_array_elements(lifecycle_rules) as r
  where
    r ->> 'Status' = 'Enabled'
)
select
  b.arn as resource,
  case
    when r.arn is not null then 'ok'
    else 'alarm'
  end status,
  case
    when r.arn is not null then name || ' lifecycle policy or rules configured.'
    else name || ' lifecycle policy or rules not configured.'
  end reason,
  b.region,
  b.account_id
from
  aws_s3_bucket as b
  left join lifecycle_rules_enabled as r on r.arn = b.arn;
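As an added example that is not part of the Powerpipe mod, the following Python applies the same pass/fail rule as the query above to lifecycle configurations in the shape that S3 returns them (note that a bucket whose rules are all Disabled is still an alarm), and builds a sample remediation payload. The bucket names and rules are constructed sample data.

```python
from typing import Optional

# Constructed sample inventory in the shape of GetBucketLifecycleConfiguration
# responses; None stands for a bucket with no lifecycle configuration at all.
SAMPLE_BUCKETS = {
    "logs-bucket": {"Rules": [{"ID": "expire-logs", "Status": "Enabled",
                               "Filter": {"Prefix": ""}, "Expiration": {"Days": 90}}]},
    "staging-bucket": {"Rules": [{"ID": "old-rule", "Status": "Disabled",
                                  "Filter": {"Prefix": ""}, "Expiration": {"Days": 30}}]},
    "scratch-bucket": None,
}


def evaluate_bucket(name: str, config: Optional[dict]) -> tuple:
    """Mirror the control: 'ok' only if at least one rule has Status == 'Enabled'.
    Missing configuration and all-Disabled rules both yield 'alarm', as in the SQL."""
    rules = (config or {}).get("Rules", [])
    if any(rule.get("Status") == "Enabled" for rule in rules):
        return "ok", f"{name} lifecycle policy or rules configured."
    return "alarm", f"{name} lifecycle policy or rules not configured."


def evaluate_all(buckets: dict) -> dict:
    """Evaluate every bucket; returns {bucket_name: (status, reason)}."""
    return {name: evaluate_bucket(name, cfg) for name, cfg in buckets.items()}


def lifecycle_configuration(transition_days: int = 30, expire_days: int = 365) -> dict:
    """Sample remediation payload in the shape PutBucketLifecycleConfiguration accepts:
    move every object to STANDARD_IA after transition_days, delete it after expire_days.
    S3 rejects STANDARD_IA transitions under 30 days, so that is checked up front."""
    if transition_days < 30 or expire_days <= transition_days:
        raise ValueError("transition must be >= 30 days and precede expiration")
    return {"Rules": [{
        "ID": "archive-then-expire",
        "Status": "Enabled",
        "Filter": {"Prefix": ""},  # empty prefix applies the rule to the whole bucket
        "Transitions": [{"Days": transition_days, "StorageClass": "STANDARD_IA"}],
        "Expiration": {"Days": expire_days},
    }]}


if __name__ == "__main__":
    for bucket, (status, reason) in evaluate_all(SAMPLE_BUCKETS).items():
        print(f"{status:5} {reason}")
```

Applying `lifecycle_configuration()` to a bucket in alarm and re-evaluating it turns the result to `ok`, which is what the remediation links above describe doing through the console.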