About review FTR for my architecture - part 1

Question 1. Is there a process in place to periodically review access levels of S3 buckets? Question 2. Are all of the resources hosted in private subnets?

I'm trying to find any command line tool or service that can help me with the tasks above, or do we have to do those manually?

asked 2 months ago, 37 views

1 Answer

Hello.

Question 1. Is there a process in place to periodically review access levels of S3 buckets?

You can use AWS Config to record whether your S3 bucket is publicly accessible.
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html

I think checking with AWS Config rules will meet your requirements.
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

Question 2. Are all of the resources hosted in private subnets?

AWS resources (EC2, RDS, etc.) running within the VPC are configured by the user, so it is possible to launch them into a private subnet.

Also, I think it is possible to use AWS Config to check whether the AWS resources you created in your VPC are in a private subnet.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.html

answered 2 months ago (EXPERT)
reviewed 2 months ago (EXPERT)
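Both checks the answer points at can be modelled offline before wiring them into AWS Config. The Python below is an added example, not code from the question, the answer or AWS: it approximates the evaluation logic of the s3-bucket-public-read-prohibited managed rule (ACL grants to AllUsers/AuthenticatedUsers, the bucket policy's public status, and the Public Access Block settings that neutralise them) and a private-subnet check in the spirit of the custom rule in the prescriptive-guidance link (a subnet counts as public when its effective route table sends 0.0.0.0/0 or ::/0 to an internet gateway). The field names follow the EC2 and S3 API responses, but the one-dict-per-resource layout, the bucket names, subnet and route-table IDs are constructed for this example and are not the AWS Config configuration-item format.

```python
"""Offline model of the two periodic checks: S3 public-read and private-subnet placement.
All inventory below is CONSTRUCTED sample data; the per-resource dict layout is an
assumption of this example, not the AWS Config configuration-item schema."""

# Grantee URIs that make an ACL grant readable by everyone / any AWS account
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def s3_public_read_status(bucket: dict) -> str:
    """NON_COMPLIANT when the ACL or bucket policy opens a public read path that the
    bucket's Public Access Block settings do not neutralise."""
    pab = bucket.get("PublicAccessBlockConfiguration", {})
    acl_grants_public = any(
        g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS
        and g.get("Permission") in ("READ", "FULL_CONTROL")
        for g in bucket.get("Grants", [])
    )
    # IgnorePublicAcls makes S3 disregard public ACL grants at request time
    acl_public = acl_grants_public and not pab.get("IgnorePublicAcls", False)
    # PolicyIsPublic mirrors GetBucketPolicyStatus; RestrictPublicBuckets limits a
    # public policy to the bucket owner's account and AWS service principals
    policy_public = bucket.get("PolicyIsPublic", False) and not pab.get("RestrictPublicBuckets", False)
    return "NON_COMPLIANT" if acl_public or policy_public else "COMPLIANT"


def route_table_for_subnet(subnet_id: str, route_tables: list) -> dict:
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt
    for rt in route_tables:
        if any(a.get("Main") for a in rt.get("Associations", [])):
            return rt
    raise ValueError(f"no route table applies to {subnet_id}")


def subnet_is_public(subnet_id: str, route_tables: list) -> bool:
    """True when the effective route table has a default route whose target is an
    internet gateway (igw-...). A NAT gateway default route keeps the subnet private."""
    for route in route_table_for_subnet(subnet_id, route_tables).get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and str(route.get("GatewayId", "")).startswith("igw-"):
            return True
    return False


def evaluate(buckets: list, instances: list, route_tables: list) -> list:
    """One evaluation per resource, in the field layout Config's PutEvaluations uses."""
    results = []
    for b in buckets:
        status = s3_public_read_status(b)
        results.append({"ComplianceResourceType": "AWS::S3::Bucket",
                        "ComplianceResourceId": b["Name"], "ComplianceType": status,
                        "Annotation": "public read path via ACL or policy" if status == "NON_COMPLIANT"
                        else "no public read path"})
    for inst in instances:
        public = subnet_is_public(inst["SubnetId"], route_tables)
        results.append({"ComplianceResourceType": "AWS::EC2::Instance",
                        "ComplianceResourceId": inst["InstanceId"],
                        "ComplianceType": "NON_COMPLIANT" if public else "COMPLIANT",
                        "Annotation": f"{inst['SubnetId']} routes default traffic to an internet gateway"
                        if public else f"{inst['SubnetId']} has no internet-gateway default route"})
    return results


# --- constructed sample inventory (not real account data) ---------------------
ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": PUBLIC_GRANTEE_URIS.__iter__().__next__()
                              if False else "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}
SAMPLE_BUCKETS = [
    # public ACL and nothing blocks it -> NON_COMPLIANT
    {"Name": "example-public-assets", "Grants": [ALL_USERS_READ],
     "PublicAccessBlockConfiguration": {}, "PolicyIsPublic": False},
    # same ACL, but Public Access Block makes it unreachable -> COMPLIANT
    {"Name": "example-legacy-acl", "Grants": [ALL_USERS_READ],
     "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                        "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
     "PolicyIsPublic": False},
    # private ACL, public bucket policy, RestrictPublicBuckets unset -> NON_COMPLIANT
    {"Name": "example-policy-public",
     "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}],
     "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
     "PolicyIsPublic": True},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"}]},
]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-public-a"},
    {"InstanceId": "i-db", "SubnetId": "subnet-private-a"},
    {"InstanceId": "i-orphan", "SubnetId": "subnet-no-assoc"},  # falls back to the main table
]

if __name__ == "__main__":
    for ev in evaluate(SAMPLE_BUCKETS, SAMPLE_INSTANCES, SAMPLE_ROUTE_TABLES):
        print(f'{ev["ComplianceType"]:14} {ev["ComplianceResourceType"]:18} '
              f'{ev["ComplianceResourceId"]}: {ev["Annotation"]}')
```

To turn this into a periodic review, the same functions would run inside a Lambda-backed custom Config rule on a schedule, with the inventory read from the EC2 and S3 APIs instead of the constructed dicts; the NAT-gateway case and the subnet with no explicit association are included because those are the two placements that most often get misclassified by a naive "has a default route" check.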
