S3 Policies
How to Use this Page
This page lists the AWS S3 policies that Bridgecrew helps you enforce. You can browse the list or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.
Ensure bucket ACL does not grant READ permission to everyone
Policy ID: BC_AWS_S3_1
Ensure AWS S3 bucket is not publicly writable
Policy ID: BC_AWS_S3_2
Ensure bucket ACL does not grant READ_ACP permission to everyone
Policy ID: BC_AWS_S3_3
Ensure bucket ACL does not grant WRITE_ACP permission to everyone
Policy ID: BC_AWS_S3_4
Ensure bucket ACL does not grant FULL_CONTROL permission to everyone
Policy ID: BC_AWS_S3_5
Ensure bucket ACL does not grant READ permission to AWS users
Policy ID: BC_AWS_S3_6
Ensure bucket ACL does not grant WRITE permission to AWS users
Policy ID: BC_AWS_S3_7
Ensure bucket ACL does not grant READ_ACP permission to AWS users
Policy ID: BC_AWS_S3_8
Ensure bucket ACL does not grant WRITE_ACP permission to AWS users
Policy ID: BC_AWS_S3_9
Ensure bucket ACL does not grant FULL_CONTROL permission to AWS users
Policy ID: BC_AWS_S3_10
Ensure S3 bucket policy does not grant Allow permission to everyone
Policy ID: BC_AWS_S3_11
Ensure AWS access logging is enabled on S3 buckets
Policy ID: BC_AWS_S3_13
Ensure data stored in the S3 bucket is securely encrypted at rest
Policy ID: BC_AWS_S3_14
Ensure data is transported from the S3 bucket securely
Policy ID: BC_AWS_S3_15
Ensure AWS S3 object versioning is enabled
Policy ID: BC_AWS_S3_16
Ensure bucket policy does not grant Write permissions to public
Policy ID: BC_AWS_S3_18
Ensure S3 bucket has block public ACLS enabled
Policy ID: BC_AWS_S3_19
Ensure S3 bucket BlockPublicPolicy is set to True
Policy ID: BC_AWS_S3_20
Ensure S3 bucket IgnorePublicAcls is set to True
Policy ID: BC_AWS_S3_21
Ensure S3 bucket RestrictPublicBucket is set to True
Policy ID: BC_AWS_S3_22
Ensure S3 bucket does not allow an action with any Principal
Policy ID: BC_AWS_S3_23
Ensure S3 bucket MFA Delete is enabled
Policy ID: BC_AWS_S3_24
Ensure S3 bucket modifications can be detected
Policy ID: BC_AWS_ALERT_1