Ensure that the S3 bucket has object lock enabled
Object Lock is an Amazon S3 feature that blocks object version deletion during a user-defined retention period, to enforce retention policies as an additional layer of data protection and/or for strict regulatory compliance.
Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.CFT.OPE.08
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
AWS_S3_Bucket should have ObjectLockEnabled=true
REMEDIATION
From CFT
Set AWS::S3::Bucket ObjectLockEnabled to true and add appropriate rule under ObjectLockConfiguration.
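The check and the remediation above, sketched as an added example (not CloudGuard's or AWS's own code): a small linter over a constructed JSON-form template that flags buckets without ObjectLockEnabled set to true. It goes beyond the GSL condition by also checking for a default retention rule, following the remediation text; the resource names and the `check_object_lock` helper are hypothetical.

```python
import json

# Constructed CloudFormation template (JSON form) with three sample buckets.
TEMPLATE = json.loads("""
{
  "Resources": {
    "PlainBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "LockedNoRule": {"Type": "AWS::S3::Bucket",
      "Properties": {"ObjectLockEnabled": true}},
    "LockedBucket": {"Type": "AWS::S3::Bucket",
      "Properties": {
        "ObjectLockEnabled": true,
        "ObjectLockConfiguration": {
          "ObjectLockEnabled": "Enabled",
          "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}
        }
      }
    },
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")

def check_object_lock(template):
    """Return {logical_id: [findings]} for every AWS::S3::Bucket resource."""
    results = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        findings = []
        # The rule's condition: ObjectLockEnabled=true (string form accepted too).
        if str(props.get("ObjectLockEnabled", "")).lower() != "true":
            findings.append("ObjectLockEnabled is not true")
        retention = ((props.get("ObjectLockConfiguration") or {})
                     .get("Rule", {}).get("DefaultRetention", {}))
        if retention.get("Mode") not in ("GOVERNANCE", "COMPLIANCE"):
            findings.append("no default retention mode")
        # Days and Years are mutually exclusive; exactly one must be set.
        if ("Days" in retention) == ("Years" in retention):
            findings.append("set exactly one of Days or Years")
        results[name] = findings
    return results

if __name__ == "__main__":
    for bucket, findings in check_object_lock(TEMPLATE).items():
        print(bucket, "OK" if not findings else findings)
```

A value given as an intrinsic function (for example a `Ref` to a parameter) is reported as not true, since it cannot be resolved statically.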
References
Simple Storage Service (S3)
Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere: web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu
Compliance Frameworks
- AWS CloudFormation ruleset