En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured

0

Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3 buckets for this control?

Sujets
StockageGestion et gouvernance
Balises
Simple service de stockage AmazonTour de contrôle AWSStockage
Langue
English
Anonymous
demandé il y a 10 mois365 vues
2 réponses
1
Réponse acceptée

We can consider to create an 'exceptions' OU. For AWS accounts (not at bucket level) that requires exception, we can place them in this OU. For more details, refers to: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/exceptions-ou.html

AWS
ronald_l
répondu il y a 10 mois
0

Using the standard Control Tower control, unfortunately no there isn't. The best option would be to use a similar control (it's a Cloudformation guard rule). But define it yourself to have the exceptions required, following the guidance here: https://docs.aws.amazon.com/cfn-guard/latest/ug/writing-rules.html

As this is a CloudFormation guard rule, it's a proactive control, so will run against Cloudformation stacks when processes try to deploy them.

profile pictureAWS
Jimmy Morgan
répondu il y a 10 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents