S3

Resources: 40
Total Findings: 202
Rules Executed: 220
Unique Rules: 16
Exception: 0
Timespent: 51.488s

Summary

MacieToEnable

Security
Description
You should evaluate using a tool, such as Amazon Macie, that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data, such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
Resources
ap-northeast-1: Macie
ap-northeast-2: Macie
ap-northeast-3: Macie
ap-south-1: Macie
ap-southeast-2: Macie
ca-central-1: Macie
eu-central-1: Macie
eu-north-1: Macie
eu-west-1: Macie
eu-west-2: Macie
eu-west-3: Macie
sa-east-1: Macie
us-east-1: Macie
us-east-2: Macie
us-west-1: Macie
us-west-2: Macie
Label
Cost Incurred
Recommendation
Getting started with Amazon Macie

ObjectsInIntelligentTier

Cost Optimization
Description
Your objects in 14 S3 buckets are not in S3 Intelligent Tier. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective access tier when access patterns change. For a small monthly object monitoring and automation charge, S3 Intelligent-Tiering monitors access patterns and automatically moves objects that have not been accessed to lower-cost access tiers. Unless all your objects are very frequently accessed, or the data lifecycle is very clearly known and defined, it is considered best practice to store your objects in Intelligent Tier.
Resources
ap-southeast-1: Bucket::aws-athena-query-results-769655955296-ap-southeast-1 | Bucket::aws-cloudtrail-logs-769655955296-b457067d | Bucket::cf-templates-axtacndawvmi-ap-southeast-1 | Bucket::config-bucket-769655955296 | Bucket::tgw-flow-log-s3 | Bucket::wwcurbucket | Bucket::wws3inventory
us-east-1: Bucket::aws-athena-query-results-cid-769655955296-us-east-1 | Bucket::cf-templates-axtacndawvmi-us-east-1 | Bucket::cid-769655955296-shared | Bucket::cloudtrail-awslogs-769655955296-fhklab3h-isengard-do-not-delete | Bucket::sagemaker-us-east-1-769655955296 | Bucket::security-hub-format-s3bucketname-7uxkruwhbbhe | Bucket::testcurver2bucket
Label
Cost Incurred (maybe)
Recommendation
AWS Docs

BucketLifecycle

Cost Optimization
Description
You have not configured lifecycle policies for objects in 15 buckets. Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. This will save you cost by moving infrequently accessed objects to lower cost storage tiers and expiring objects that are no longer needed.
Resources
ap-southeast-1: Bucket::aws-athena-query-results-769655955296-ap-southeast-1 | Bucket::aws-cloudtrail-logs-769655955296-b457067d | Bucket::cf-templates-axtacndawvmi-ap-southeast-1 | Bucket::config-bucket-769655955296 | Bucket::tgw-flow-log-s3 | Bucket::wwcurbucket | Bucket::wws3inventory
us-east-1: Bucket::cf-templates-axtacndawvmi-us-east-1 | Bucket::sagemaker-studio-769655955296-hn1cxm2eq5 | Bucket::sagemaker-studio-edt80ljq4 | Bucket::sagemaker-studio-nifj1w84os | Bucket::sagemaker-us-east-1-769655955296 | Bucket::testcurver2bucket | Bucket::wwsagemakerbucket
us-west-2: Bucket::do-not-delete-gatedgarden-audit-769655955296
Label
Cost Incurred (maybe)
Recommendation
AWS Docs

BucketVersioning

Reliability
Detail
ap-northeast-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
ap-northeast-2

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
ap-northeast-3

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
ap-south-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
ap-southeast-1

5. aws-athena-query-results-769655955296-ap-southeast-1

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

6. aws-cloudtrail-logs-769655955296-b457067d

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

7. cf-templates-axtacndawvmi-ap-southeast-1

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

8. config-bucket-769655955296

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

9. tgw-flow-log-s3

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

10. wwcurbucket

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

11. wws3inventory

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE
ap-southeast-2

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
ca-central-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
eu-central-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
eu-north-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
eu-west-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
eu-west-2

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
eu-west-3

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
sa-east-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
us-east-1

20. aws-athena-query-results-cid-769655955296-us-east-1

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

21. cf-templates-axtacndawvmi-us-east-1

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

22. cid-769655955296-shared

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

23. cloudtrail-awslogs-769655955296-fhklab3h-isengard-do-not-delete

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit

24. sagemaker-studio-769655955296-hn1cxm2eq5

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

25. sagemaker-studio-edt80ljq4

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

26. sagemaker-studio-nifj1w84os

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

27. sagemaker-us-east-1-769655955296

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

28. security-hub-format-s3bucketname-7uxkruwhbbhe

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

29. securityhubcsvmanagerstac-securityhubexportbucket0-a2e5yuo0rpvs

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

30. testcurver2bucket

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
ObjectsInIntelligentTier Off Enable Intelligent Tiering
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

31. wwsagemakerbucket

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
us-east-2

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
us-west-1

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie
us-west-2

35. do-not-delete-gatedgarden-audit-769655955296

Check Current Value Recommendation
BucketReplication Off Enable Bucket Replication
EventNotification On Enable Event Notification
BucketLifecycle Off Configure Lifecycle Policies
BucketLogging Off Enable Server Access Logging
MFADelete Off Enable MFA Delete
BucketVersioning Off Enable Versioning
ObjectLock Off Enable Object Lock
TlsEnforced Off Enforce Encryption of Data in Transit
AccessControlList Enabled Enable SSE

Macie

Check Current Value Recommendation
MacieToEnable None Enable Macie