Ensure all S3 buckets employ encryption-at-rest
Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest. Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.
Risk Level: High
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.CFT.CRY.01
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
AWS_S3_Bucket should have BucketEncryption
REMEDIATION
From CFT
Set AWS::S3::Bucket BucketEncryption
property
References
- https://docs.aws.amazon.com/AmazonS3/latest/user-guide/default-bucket-encryption.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-related-resources
Simple Storage Service (S3)
Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere ��� web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago