- Resources: 13
- Total Findings: 80
- Rules Executed: 103
- Unique Rules: 16
- Exception: 0
- Timespent: 15.431s
Summary
BucketReplication
Reliability
- Description
- You have not enabled bucket replication on 10 buckets. Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Label
- Cost Incurred
- Recommendation
- AWS Docs
BucketLifecycle
Cost Optimization
- Description
- You have not configured lifecycle policies for objects in 9 buckets. Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. This will save you cost by moving infrequently accessed objects to lower cost storage tiers and expiring objects that are no longer needed.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::kuettai-dojo01
- Label
- Cost Incurred (maybe)
- Recommendation
- AWS Docs
BucketLogging
Security
- Description
- You have not enabled server access logging in 10 buckets. Server access logging provides detailed records for the requests that are made to a bucket.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Label
- Cost Incurred
- Recommendation
- AWS Docs
MFADelete
Security
- Description
- You have not enabled MFA delete on 10 buckets. MFA delete provides added security if, for example, your security credentials are compromised. MFA delete can help prevent accidental bucket deletions by requiring the user who initiates the delete action to prove physical possession of an MFA device with an MFA code and adding an extra layer of friction and security to the delete action.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Recommendation
- Prevention for Accidental Deletions on S3
- AWS Docs
BucketVersioning
Reliability
- Description
- You have not enabled versioning on 8 buckets. Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Label
- Cost Incurred
- Recommendation
- AWS Docs
- Manage Versioning Example
ObjectLock
Security
- Description
- You have not enabled object lock on 10 buckets. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Recommendation
- AWS Docs
TlsEnforced
Security
- Description
- You have not enforced encryption of data in transit in 10 buckets. You can use HTTPS (TLS) to help prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. You should allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition on Amazon S3 bucket policies.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195 | Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Label
- Testing Required (maybe)
- Recommendation
- AWS Docs
ObjectsInIntelligentTier
Cost Optimization
- Description
- Your objects in 7 S3 buckets are not in S3 Intelligent Tier. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective access tier when access patterns change. For a small monthly object monitoring and automation charge, S3 Intelligent-Tiering monitors access patterns and automatically moves objects that have not been accessed to lower-cost access tiers. Unless all your objects are very frequently accessed, or the data lifecycle is very clearly known and defined, it is considered best practice to store your objects in Intelligent Tier.
- Resources
- ap-southeast-1: Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe | Bucket::codepipeline-ap-southeast-1-183991447891 | Bucket::config-bucket-961319563195 | Bucket::dojo-logs | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete | Bucket::kuettai-dojo01
- Label
- Cost Incurred (maybe)
- Recommendation
- AWS Docs
AccessControlList
Security
- Description
- You are using 4 S3 buckets with ACLs. ACLs are legacy access control mechanisms that predate IAM. Instead of ACLs, we recommend using S3 bucket policies or AWS Identity and Access Management (IAM) policies to manage access to your S3 buckets.
- Resources
- ap-southeast-1: Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h | Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6 | Bucket::kuettai-solutions-bucket-ap-southeast-1
- us-east-1: Bucket::kuettai-dojo01
- Recommendation
- Protecting data with IAM
MacieToEnable
Security
- Description
- You should evaluate using a tool, such as Amazon Macie, that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data, such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
- Resources
- ap-southeast-1: Macie
- us-east-1: Macie
- Label
- Cost Incurred
- Recommendation
- Getting started with Amazon Macie
Detail
ap-southeast-1
1. aws-codestar-ap-southeast-1-961319563195
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
2. aws-codestar-ap-southeast-1-961319563195-dojo-pipe
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
3. codepipeline-ap-southeast-1-183991447891
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
4. config-bucket-961319563195
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
5. documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h
Check | Current Value | Recommendation |
---|---|---|
AccessControlList | Enabled | Enable SSE |
BucketReplication | Off | Enable Bucket Replication |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
6. documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6
Check | Current Value | Recommendation |
---|---|---|
AccessControlList | Enabled | Enable SSE |
BucketReplication | Off | Enable Bucket Replication |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
7. dojo-logs
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
8. kuettai-solutions-bucket-ap-southeast-1
Check | Current Value | Recommendation |
---|---|---|
AccessControlList | Enabled | Enable SSE |
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
Macie
Check | Current Value | Recommendation |
---|---|---|
MacieToEnable | None | Enable Macie |
us-east-1
10. cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete
Check | Current Value | Recommendation |
---|---|---|
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
11. kuettai-dojo01
Check | Current Value | Recommendation |
---|---|---|
AccessControlList | Enabled | Enable SSE |
BucketReplication | Off | Enable Bucket Replication |
ObjectsInIntelligentTier | Off | Enable Intelligent Tiering |
BucketLifecycle | Off | Configure Lifecycle Policies |
BucketLogging | Off | Enable Server Access Logging |
MFADelete | Off | Enable MFA Delete |
BucketVersioning | Off | Enable Versioning |
ObjectLock | Off | Enable Object Lock |
TlsEnforced | Off | Enforce Encryption of Data in Transit |
Macie
Check | Current Value | Recommendation |
---|---|---|
MacieToEnable | None | Enable Macie |