aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Address AWS Foundational Security Best Practices for S3 #300

Open stumins opened 1 year ago

stumins commented 1 year ago

Address AWS Foundational Security Best Practices for S3 in AFT resources:

Details: There are other AWS Foundational Security Best Practices for S3 that cause SecurityHub alerts for many AFT S3 Buckets. These are:

- [S3.5] S3 buckets should require requests to use Secure Socket Layer
- [S3.8] S3 Block Public Access setting should be enabled at the bucket level
- [S3.9] S3 bucket server access logging should be enabled
- [S3.10] S3 buckets with versioning enabled should have lifecycle policies configured
- [S3.11] S3 buckets should have event notifications enabled
- [S3.13] S3 buckets should have lifecycle policies configured

This causes compliance issues with AFT.

_Originally posted by @rikturnbull in https://github.com/aws-ia/terraform-aws-control_tower_account_factory/issues/190#issuecomment-1382009003_
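For reference, this is what three of the controls listed above ([S3.5], [S3.8], [S3.9]) look like in Terraform for a single bucket. It is an added example, not code from AFT or from the issue author; the resource label `example`, both variables, and the pre-existing log bucket are assumptions, and the lifecycle and event-notification controls are not covered.

```hcl
# Added example, not AFT code. Names and variables below are hypothetical.
variable "bucket_name" { type = string }
variable "log_bucket_id" { type = string } # existing bucket that accepts S3 access logs (assumed)

resource "aws_s3_bucket" "example" {
  bucket = var.bucket_name
}

# [S3.8] Block Public Access enabled at the bucket level
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# [S3.5] Deny every request that does not arrive over TLS
data "aws_iam_policy_document" "tls_only" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.example.arn, "${aws_s3_bucket.example.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "example" {
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.tls_only.json
  # Sequence after the public access block so the two bucket-level updates are not applied concurrently
  depends_on = [aws_s3_bucket_public_access_block.example]
}

# [S3.9] Server access logging, delivered to the separate log bucket
resource "aws_s3_bucket_logging" "example" {
  bucket        = aws_s3_bucket.example.id
  target_bucket = var.log_bucket_id
  target_prefix = "${var.bucket_name}/"
}
```

If a bucket already has a policy, the deny statement has to be merged into it, since a bucket holds only one policy document.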

matthewbarreiro commented 7 months ago

This issue has been open for a year. Has there been any internal progress on it?

If everything is using AWS SDK calls, I would hope enabling this should cause no issues?