S3 Buckets outside of Europe

To be compliant, ensure that the S3 bucket is in Europe.

Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.AWS.AS.02
Covered by Spectral: No
Category: Storage

GSL LOGIC

S3Bucket should have region like 'eu_%'
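The same region test applied outside CloudGuard to `aws s3api get-bucket-location` results, as an added example (not part of the CloudGuard rule). It handles the two values that do not look like region names: a null `LocationConstraint` (printed as `None` with `--output text`) means us-east-1, and the legacy value `EU` means eu-west-1. Bucket names and function names are constructed for illustration, and the check matches the AWS-style `eu-` prefix as the counterpart of the rule's 'eu_%' pattern.

```shell
#!/bin/sh
# Map a raw LocationConstraint value to an AWS region name.
# S3 reports null ("None" in text output) for us-east-1 and "EU" for
# buckets created with the legacy eu-west-1 constraint.
normalize_location() {
    case "$1" in
        ''|None|null) echo "us-east-1" ;;
        EU)           echo "eu-west-1" ;;
        *)            echo "$1" ;;
    esac
}

# Succeed only when the normalized region starts with "eu-".
is_eu_region() {
    case "$(normalize_location "$1")" in
        eu-*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Read "bucket location" lines on stdin and print every bucket that is
# outside Europe as "bucket region".
audit_buckets() {
    while read -r bucket location; do
        [ -n "$bucket" ] || continue
        is_eu_region "$location" || echo "$bucket $(normalize_location "$location")"
    done
}

# Constructed sample inventory (hypothetical bucket names).
sample_inventory() {
    cat <<'EOF'
example-logs None
example-legacy EU
example-assets eu-central-1
example-backup ap-southeast-2
EOF
}

# Live inventory in the same format (needs AWS credentials):
#   for b in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
#     echo "$b $(aws s3api get-bucket-location --bucket "$b" \
#       --query LocationConstraint --output text)"
#   done | audit_buckets

sample_inventory | audit_buckets
```

A naive prefix match on the raw value would misreport `example-legacy` as outside Europe; normalizing first avoids that.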

REMEDIATION

From Portal
Note: The region of an existing S3 bucket cannot be changed. Instead, create a new S3 bucket in one of the Europe regions, copy all the objects from the previous bucket into the new one, and delete the old bucket that is not in Europe. The steps are as follows:

  1. Log in to the AWS Management Console.
  2. Create a new bucket in the desired region. Note that it cannot have the same name as your current bucket, because bucket names must be unique.
  3. Copy the contents of the current bucket to the new bucket created in the region you prefer.
  4. Once copied, delete the old bucket.
  5. Replace the bucket name with the old name in the new region if you prefer to keep the same name for the bucket in the new region. Note that you can only do this after you have deleted the old bucket.

From CLI
The following create-bucket example creates a bucket in eu-west-1. The --region value and the LocationConstraint must name the same region:

aws s3api create-bucket --bucket BUCKET_NAME --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1

Note: Regions outside of us-east-1 require the appropriate LocationConstraint to be specified in order to create the bucket in the desired region.

References

  1. For detailed instructions, refer to the docs: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html
  2. https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html
  3. https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-bucket.html
  4. https://docs.aws.amazon.com/cli/latest/reference/s3api/create-bucket.html

Simple Storage Service (S3)

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere: web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu

Compliance Frameworks

  • AWS GDPR Readiness
  • CloudGuard AWS All Rules Ruleset