Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured

0

Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3 buckets for this control?

Topics
Management & GovernanceStorage
Tags
StorageAWS Control TowerAmazon Simple Storage Service
Language
English
asked 3 years ago877 views
2 Answers
1
Accepted Answer

We can consider to create an 'exceptions' OU. For AWS accounts (not at bucket level) that requires exception, we can place them in this OU. For more details, refers to: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/exceptions-ou.html

AWS
answered 3 years ago
0

Using the standard Control Tower control, unfortunately no there isn't. The best option would be to use a similar control (it's a Cloudformation guard rule). But define it yourself to have the exceptions required, following the guidance here: https://docs.aws.amazon.com/cfn-guard/latest/ug/writing-rules.html

As this is a CloudFormation guard rule, it's a proactive control, so will run against Cloudformation stacks when processes try to deploy them.

AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content