PlatformResourcesSign inSign Up

S3 Policies

Suggest Edits

How to Use this Page

This page lists the AWS S3 Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, press the link for more details about a policy and its fix options.

Ensure bucket ACL does not grant READ permission to everyone
Policy ID: BC_AWS_S3_1

Ensure AWS S3 bucket is not publicly writable
Policy ID: BC_AWS_S3_2

Ensure bucket ACL does not grant READ_ACP permission to everyone
Policy ID: BC_AWS_S3_3

Ensure bucket ACL does not grant WRITE_ACP permission to everyone
Policy ID: BC_AWS_S3_4

Ensure bucket ACL does not grant FULL_CONTROL permission to everyone
Policy ID: BC_AWS_S3_5

Ensure bucket ACL does not grant READ permission to AWS users
Policy ID: BC_AWS_S3_6

Ensure bucket ACL does not grant WRITE permission to AWS users
Policy ID: BC_AWS_S3_7

Ensure bucket ACL does not grant READ_ACP permission to AWS users
Policy ID: BC_AWS_S3_8

Ensure bucket ACL does not grant WRITE_ACP permission to AWS users
Policy ID: BC_AWS_S3_9

Ensure bucket ACL does not grant FULL_CONTROL permission to AWS users
Policy ID: BC_AWS_S3_10

Ensure S3 bucket policy does not grant Allow permission to everyone
Policy ID: BC_AWS_S3_11

Ensure AWS access logging is enabled on S3 buckets
Policy ID: BC_AWS_S3_13

Ensure data stored in the S3 bucket is securely encrypted at rest
Policy ID: BC_AWS_S3_14

Ensure data is transported from the S3 bucket securely
Policy ID: BC_AWS_S3_15

Ensure AWS S3 object versioning is enabled
Policy ID: BC_AWS_S3_16

Ensure bucket policy does not grant Write permissions to public
Policy ID: BC_AWS_S3_18

Ensure S3 bucket has block public ACLS enabled
Policy ID: BC_AWS_S3_19

Ensure S3 bucket BlockPublicPolicy is set to True
Policy ID: BC_AWS_S3_20

Ensure S3 bucket IgnorePublicAcls is set to True
Policy ID: BC_AWS_S3_21

Ensure S3 bucket RestrictPublicBucket is set to True
Policy ID: BC_AWS_S3_22

Ensure S3 bucket does not allow an action with any Principal
Policy ID: BC_AWS_S3_23

Ensure S3 bucket MFA Delete is enabled
Policy ID: BC_AWS_S3_24

Ensure S3 bucket modifications can be detected
Policy ID: BC_AWS_ALERT_1

Updated over 2 years ago