Benchmark: S3
Description
This benchmark provides a set of controls that detect Terraform AWS S3 resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select S3.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.s3Snapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.s3 --shareControls
- S3 bucket lifecycle configuration should abort incomplete multipart uploads
- S3 bucket should have block public policy enabled
- S3 bucket cross-region replication should enabled
- S3 bucket default encryption should be enabled
- S3 bucket default encryption should be enabled with KMS
- S3 bucket should ignore public ACLs
- S3 bucket logging should be enabled
- Ensure MFA Delete is enabled on S3 buckets
- S3 bucket object copy should be encrypted with KMS CMK
- S3 bucket object should be encrypted with KMS CMK
- S3 bucket object lock should be enabled
- S3 Block Public Access setting should be enabled at the bucket level
- S3 bucket versioning should be enabled
- S3 public access should be blocked at account level