By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured

0

Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3 buckets for this control?

Topics
StorageManagement & Governance
Tags
Amazon Simple Storage ServiceAWS Control TowerStorage
Language
English
Anonymous
asked 10 months ago340 views
2 Answers
1
Accepted Answer

We can consider to create an 'exceptions' OU. For AWS accounts (not at bucket level) that requires exception, we can place them in this OU. For more details, refers to: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/exceptions-ou.html

AWS
ronald_l
answered 10 months ago
0

Using the standard Control Tower control, unfortunately no there isn't. The best option would be to use a similar control (it's a Cloudformation guard rule). But define it yourself to have the exceptions required, following the guidance here: https://docs.aws.amazon.com/cfn-guard/latest/ug/writing-rules.html

As this is a CloudFormation guard rule, it's a proactive control, so will run against Cloudformation stacks when processes try to deploy them.

profile pictureAWS
Jimmy Morgan
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content