turbot/steampipe-mod-aws-compliance

Control: S3 buckets static website hosting should be disabled

Description

Enabling static website hosting on an S3 bucket requires granting public read access to the bucket. There is a potential risk of exposure when you turn off block public access settings to make your bucket public. It is recommended not to configure static website hosting on S3 buckets.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.s3_bucket_static_website_hosting_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.s3_bucket_static_website_hosting_disabled --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when website_configuration -> 'IndexDocument' ->> 'Suffix' is not null then 'alarm'
    else 'ok'
  end status,
  case
    when website_configuration -> 'IndexDocument' ->> 'Suffix' is not null then name || ' static website hosting enabled.'
    else name || ' static website hosting disabled.'
  end reason,
  region,
  account_id
from
  aws_s3_bucket;
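
A follow-up triage query, added here as an example and not part of the aws_compliance mod: for each bucket with website hosting configured, it shows the block public access and bucket policy state that the description ties the exposure risk to. It goes beyond the control's IndexDocument check by also treating a redirect-only configuration as enabled; the RedirectAllRequestsTo / HostName key names inside website_configuration are an assumption, and the remaining columns come from the Steampipe aws_s3_bucket table.

```sql
-- Added example: triage query, not part of the aws_compliance mod.
-- Assumption: a redirect-only website configuration appears under the
-- 'RedirectAllRequestsTo' key (with 'HostName') in website_configuration.
with website_buckets as (
  select
    name,
    arn,
    region,
    account_id,
    website_configuration -> 'IndexDocument' ->> 'Suffix' as index_suffix,
    website_configuration -> 'RedirectAllRequestsTo' ->> 'HostName' as redirect_host,
    -- A missing setting is treated as "not blocking".
    coalesce(block_public_acls, false)
      and coalesce(block_public_policy, false)
      and coalesce(ignore_public_acls, false)
      and coalesce(restrict_public_buckets, false) as bpa_fully_on,
    coalesce(bucket_policy_is_public, false) as policy_public
  from
    aws_s3_bucket
)
select
  arn as resource,
  case
    when index_suffix is not null then 'index document: ' || index_suffix
    else 'redirect all requests to: ' || redirect_host
  end as website_mode,
  bpa_fully_on,
  policy_public,
  case
    when policy_public then 'bucket policy is public'
    when not bpa_fully_on then 'block public access not fully enabled'
    else 'website configured, public access blocked'
  end as exposure,
  region,
  account_id
from
  website_buckets
where
  index_suffix is not null
  or redirect_host is not null
order by
  policy_public desc,
  bpa_fully_on asc;
```

Rows with policy_public true or bpa_fully_on false are the ones to review first; the rest have a website configuration that public access settings currently keep from being served.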

Tags