1 回答
- 最新
- 投票最多
- 评论最多
0
This control disallows changes to encryption for all Amazon S3 buckets. This is a preventive control with elective guidance. By default, this control is not enabled.
The artifact for this control is the following service control policy (SCP). { "Version": "2012-10-17", "Statement": [ { "Sid": "GRAUDITBUCKETENCRYPTIONENABLED", "Effect": "Deny", "Action": [ "s3:PutEncryptionConfiguration" ], "Resource": [""], "Condition": { "ArnNotLike": { "aws:PrincipalARN":"arn:aws:iam:::role/AWSControlTowerExecution" } } } ] }
With the above you should be able to create bucket but encryption might not have been enabled for the bucket. more details: https://docs.aws.amazon.com/controltower/latest/userguide/elective-controls.html
已回答 3 个月前
相关内容
- AWS 官方已更新 2 年前