1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
This control disallows changes to encryption for all Amazon S3 buckets. This is a preventive control with elective guidance. By default, this control is not enabled.
The artifact for this control is the following service control policy (SCP). { "Version": "2012-10-17", "Statement": [ { "Sid": "GRAUDITBUCKETENCRYPTIONENABLED", "Effect": "Deny", "Action": [ "s3:PutEncryptionConfiguration" ], "Resource": [""], "Condition": { "ArnNotLike": { "aws:PrincipalARN":"arn:aws:iam:::role/AWSControlTowerExecution" } } } ] }
With the above you should be able to create bucket but encryption might not have been enabled for the bucket. more details: https://docs.aws.amazon.com/controltower/latest/userguide/elective-controls.html
beantwortet vor 3 Monaten
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 7 Monaten