S3 Policies

How to Use this Page

This page lists the AWS S3 policies that Bridgecrew helps you enforce. You can browse this page or search for a specific policy ID or short title. For each policy, click the link for more details about the policy and its fix options.

Ensure bucket ACL does not grant READ permission to everyone
Policy ID: BC_AWS_S3_1

Ensure AWS S3 bucket is not publicly writable
Policy ID: BC_AWS_S3_2

Ensure bucket ACL does not grant READ_ACP permission to everyone
Policy ID: BC_AWS_S3_3

Ensure bucket ACL does not grant WRITE_ACP permission to everyone
Policy ID: BC_AWS_S3_4

Ensure bucket ACL does not grant FULL_CONTROL permission to everyone
Policy ID: BC_AWS_S3_5

Ensure bucket ACL does not grant READ permission to AWS users
Policy ID: BC_AWS_S3_6

Ensure bucket ACL does not grant WRITE permission to AWS users
Policy ID: BC_AWS_S3_7

Ensure bucket ACL does not grant READ_ACP permission to AWS users
Policy ID: BC_AWS_S3_8

Ensure bucket ACL does not grant WRITE_ACP permission to AWS users
Policy ID: BC_AWS_S3_9

Ensure bucket ACL does not grant FULL_CONTROL permission to AWS users
Policy ID: BC_AWS_S3_10

Ensure S3 bucket policy does not grant Allow permission to everyone
Policy ID: BC_AWS_S3_11

Ensure AWS access logging is enabled on S3 buckets
Policy ID: BC_AWS_S3_13

Ensure data stored in the S3 bucket is securely encrypted at rest
Policy ID: BC_AWS_S3_14

Ensure data is transported from the S3 bucket securely
Policy ID: BC_AWS_S3_15

Ensure AWS S3 object versioning is enabled
Policy ID: BC_AWS_S3_16

Ensure bucket policy does not grant Write permissions to the public
Policy ID: BC_AWS_S3_18

Ensure S3 bucket has block public ACLs enabled
Policy ID: BC_AWS_S3_19

Ensure S3 bucket BlockPublicPolicy is set to True
Policy ID: BC_AWS_S3_20

Ensure S3 bucket IgnorePublicAcls is set to True
Policy ID: BC_AWS_S3_21

Ensure S3 bucket RestrictPublicBucket is set to True
Policy ID: BC_AWS_S3_22

Ensure S3 bucket does not allow an action with any Principal
Policy ID: BC_AWS_S3_23

Ensure S3 bucket MFA Delete is enabled
Policy ID: BC_AWS_S3_24

Ensure S3 bucket modifications can be detected
Policy ID: BC_AWS_ALERT_1