Address AWS Foundational Security Best Practices for S3 in AFT resources:
Details:
There are other AWS Foundational Security Best Practices for S3 that cause SecurityHub alerts for many AFT S3 Buckets. These are:
[S3.5] S3 buckets should require requests to use Secure Socket Layer
[S3.8] S3 Block Public Access setting should be enabled at the bucket level
[S3.9] S3 bucket server access logging should be enabled
[S3.10] S3 buckets with versioning enabled should have lifecycle policies configured
[S3.11] S3 buckets should have event notifications enabled
[S3.13] S3 buckets should have lifecycle policies configured
This causes compliance issues with AFT.
_Originally posted by @rikturnbull in https://github.com/aws-ia/terraform-aws-control_tower_account_factory/issues/190#issuecomment-1382009003_
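As an added example (not part of the original issue and not AFT's or Security Hub's own code), the following offline check shows what each of the six listed controls looks for in a bucket's configuration. The dictionary field names, the sample bucket and the pass/fail logic are assumptions: a simplified approximation of each control's intent, not Security Hub's actual evaluation.

```python
import json

# Constructed sample: one bucket's settings gathered into a dict whose field
# names are hypothetical. It is not a real AFT bucket.
SAMPLE_BUCKET = {
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}),
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
    "logging_target": None,
    "versioning": "Enabled",
    "lifecycle_rules": [],
    "notifications": {},
}

def denies_plain_http(policy_json):
    """True if some Deny statement is conditioned on aws:SecureTransport being false."""
    if not policy_json:
        return False
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for st in statements:
        bools = st.get("Condition", {}).get("Bool", {})
        for key, val in bools.items():
            vals = val if isinstance(val, list) else [val]
            if (st.get("Effect") == "Deny" and key.lower() == "aws:securetransport"
                    and any(str(v).lower() == "false" for v in vals)):
                return True
    return False

def failed_controls(bucket):
    """Return the IDs of the controls listed in the issue that this bucket fails."""
    pab = bucket.get("public_access_block") or {}
    pab_keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    has_lifecycle = bool(bucket.get("lifecycle_rules"))
    checks = {  # control ID -> True when the bucket passes
        "S3.5": denies_plain_http(bucket.get("policy")),
        "S3.8": all(pab.get(k) is True for k in pab_keys),
        "S3.9": bool(bucket.get("logging_target")),
        "S3.10": bucket.get("versioning") != "Enabled" or has_lifecycle,
        "S3.11": any((bucket.get("notifications") or {}).values()),
        "S3.13": has_lifecycle,
    }
    return [cid for cid, passed in checks.items() if not passed]

if __name__ == "__main__":
    print(failed_controls(SAMPLE_BUCKET))
```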