Hello.
Question 1. Is there a process in place to periodically review access levels of S3 buckets?
You can use AWS Config to record whether your S3 bucket is publicly accessible.
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html
I think checking with AWS Config rules will meet your requirements.
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html
Question 2. Are all of the resources hosted in private subnets?
AWS resources (EC2, RDS, etc.) running within the VPC are configured by the user, so it is possible to launch them into a private subnet.
Also, I think it is possible to use AWS Config to check whether the AWS resources you created in your VPC are in a private subnet.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.html
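The two checks described in the answer above, as an added example that is not part of the original answer and not AWS's own rule implementation: a local, offline approximation of the s3-bucket-public-read-prohibited rule logic (compliant when Block Public Access restricts public policies or the policy is not public, and ignores public ACLs or the ACL is not public) and a "which resources sit in a public subnet" check. The subnet test uses the common definition that a subnet is public when its route table (explicit association, else the VPC main table) routes to an internet gateway; that definition, the simplification that policy statements carrying a Condition are treated as not public, and all bucket, subnet, route-table and resource IDs are assumptions constructed for the example.

```python
# Added example, not from the original answer. Local approximations of the two
# checks discussed above, run against constructed inline data so it works offline.
# Assumed definitions and hypothetical IDs are labelled where they appear.
from typing import Dict, List, Optional

PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_ACTIONS = {"*", "s3:*", "s3:Get*", "s3:GetObject", "s3:ListBucket"}


def acl_grants_public_read(grants: List[Dict]) -> bool:
    """True if an ACL grant gives READ or FULL_CONTROL to AllUsers/AuthenticatedUsers."""
    for g in grants:
        grantee = g.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") in PUBLIC_GRANTEE_URIS
                and g.get("Permission") in ("READ", "FULL_CONTROL")):
            return True
    return False


def _principal_is_everyone(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_allows_public_read(policy: Optional[Dict]) -> bool:
    """True if an Allow statement with Principal * grants a read action.
    Assumed simplification: statements carrying a Condition are treated as not public."""
    if not policy:
        return False
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for s in statements:
        if s.get("Effect") != "Allow" or not _principal_is_everyone(s.get("Principal")):
            continue
        if s.get("Condition"):
            continue
        actions = s.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a in READ_ACTIONS for a in actions):
            return True
    return False


def evaluate_s3_public_read(bucket: Dict) -> str:
    """Mirror the documented compliance logic of s3-bucket-public-read-prohibited:
    COMPLIANT when (RestrictPublicBuckets or policy not public)
    and (IgnorePublicAcls or ACL not public)."""
    pab = bucket.get("PublicAccessBlock", {})
    acl_public = (not pab.get("IgnorePublicAcls", False)) and acl_grants_public_read(bucket.get("AclGrants", []))
    policy_public = (not pab.get("RestrictPublicBuckets", False)) and policy_allows_public_read(bucket.get("Policy"))
    return "NON_COMPLIANT" if (acl_public or policy_public) else "COMPLIANT"


def subnet_is_public(subnet_id: str, route_tables: List[Dict]) -> bool:
    """Assumed definition: a subnet is public when its route table (explicit association,
    else the VPC main table) has a route whose target is an internet gateway (igw-*)."""
    table = next((t for t in route_tables if subnet_id in t.get("SubnetIds", [])), None)
    if table is None:
        table = next((t for t in route_tables if t.get("Main")), None)
    if table is None:
        return False
    return any(str(r.get("GatewayId", "")).startswith("igw-") for r in table.get("Routes", []))


def resources_in_public_subnets(resources: List[Dict], route_tables: List[Dict]) -> List[str]:
    """Return IDs of resources (EC2, RDS, ...) whose subnet is public."""
    return [r["Id"] for r in resources if subnet_is_public(r["SubnetId"], route_tables)]


# Constructed sample data with hypothetical names and IDs.
BUCKETS = [
    {"Name": "acl-public", "PublicAccessBlock": {},
     "AclGrants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                    "Permission": "READ"}]},
    {"Name": "policy-public", "PublicAccessBlock": {},
     "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::policy-public/*"}]}},
    {"Name": "locked-down", "PublicAccessBlock": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True},
     "AclGrants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                    "Permission": "READ"}],
     "Policy": {"Statement": {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
                              "Resource": "*"}}},
]
ROUTE_TABLES = [
    {"Id": "rtb-main", "Main": True, "SubnetIds": [],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Id": "rtb-public", "Main": False, "SubnetIds": ["subnet-pub"],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"Id": "rtb-private", "Main": False, "SubnetIds": ["subnet-priv"],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
]
RESOURCES = [
    {"Id": "i-web", "SubnetId": "subnet-pub"},
    {"Id": "i-app", "SubnetId": "subnet-priv"},
    {"Id": "db-1", "SubnetId": "subnet-unassociated"},  # no explicit table: uses the main table
]


def run_report() -> Dict[str, object]:
    return {
        "s3": {b["Name"]: evaluate_s3_public_read(b) for b in BUCKETS},
        "public_subnet_resources": resources_in_public_subnets(RESOURCES, ROUTE_TABLES),
    }


if __name__ == "__main__":
    print(run_report())
```

Note that the "locked-down" bucket still carries a public ACL grant and a Principal "*" policy, yet evaluates COMPLIANT, because the Block Public Access settings neutralise both; this is the same reason the managed rule looks at all three inputs rather than the policy alone. In a real account the inputs would come from the corresponding S3 and EC2 describe calls, and the decision logic stays the same.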