[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured

0

Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set an exception for some S3 buckets for this control?

2 Answers
1
Accepted Answer

We can consider creating an 'exceptions' OU. For AWS accounts (not at bucket level) that require an exception, we can place them in this OU. For more details, refer to: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/exceptions-ou.html

AWS
answered 10 months ago
0

Using the standard Control Tower control, unfortunately no, there isn't. The best option would be to use a similar control (it's a CloudFormation Guard rule), but define it yourself to have the exceptions required, following the guidance here: https://docs.aws.amazon.com/cfn-guard/latest/ug/writing-rules.html

As this is a CloudFormation Guard rule, it's a proactive control, so it will run against CloudFormation stacks when processes try to deploy them.

AWS
answered 10 months ago
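
One way to write the self-defined rule the second answer describes, as an added example (it is not the Control Tower control's own rule and not code from either answerer): a Guard rule that requires all four block public access settings on every bucket except those carrying an opt-out marker, and that requires each opt-out to state a reason. The Metadata key `PublicAccessBlockException` and its `Reason` field are hypothetical names chosen for this example.

```guard
# Added example. Assumption: buckets opt out through a hypothetical
# resource-level Metadata key named PublicAccessBlockException.

# Buckets that are NOT exempt: every filter line must match (logical AND).
let enforced_buckets = Resources.*[
    Type == 'AWS::S3::Bucket'
    Metadata.PublicAccessBlockException not exists
]

# Buckets that claim the exemption.
let exempt_buckets = Resources.*[
    Type == 'AWS::S3::Bucket'
    Metadata.PublicAccessBlockException exists
]

# All four settings must be present and set to true on enforced buckets.
rule s3_public_access_block_required when %enforced_buckets !empty {
    %enforced_buckets.Properties {
        PublicAccessBlockConfiguration exists
        PublicAccessBlockConfiguration is_struct
        PublicAccessBlockConfiguration {
            BlockPublicAcls == true
            BlockPublicPolicy == true
            IgnorePublicAcls == true
            RestrictPublicBuckets == true
        }
    }
}

# An exemption without a written reason fails, so every exception
# leaves a reviewable justification in the template.
rule s3_public_access_exception_documented when %exempt_buckets !empty {
    %exempt_buckets.Metadata.PublicAccessBlockException {
        Reason exists
        Reason is_string
    }
}
```

The rule can be evaluated in a deployment pipeline with `cfn-guard validate -r <rules file> -d <template>`. Because the opt-out marker lives in the template itself, any change that adds it should go through review, otherwise the exception mechanism becomes a bypass.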
