awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

S3_BUCKET_PUBLIC_READ_PROHIBITED rule cannot be isolated to a specific s3 resource #297

Closed crispyblock closed 4 years ago

crispyblock commented 4 years ago

On the AWS config rule console, specifying the Resource identifier does not limit the scope of this config rule to the designated resource. Am I misunderstanding the intent of this field?

I set the Resources: S3:Bucket
Resource Identifier: [bucket ARN] or [bucket name] (I have tried both)

The rule still evaluates all S3 buckets in my account.

Please let me know if I am misunderstanding the intended use of this field.
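Added example (not code from the aws-config-rules repository): the same scoping expressed as a `put_config_rule` `ConfigRule` dict, plus a check that compares a rule's `Scope` against evaluation results so the behavior reported above shows up as a list of out-of-scope resources. Bucket names and the evaluation results are constructed; the result shape assumed is that of `get_compliance_details_by_config_rule()["EvaluationResults"]`.

```python
MANAGED_RULE = "S3_BUCKET_PUBLIC_READ_PROHIBITED"


def scoped_rule(rule_name, bucket_name):
    # ConfigRule dict as passed to boto3 put_config_rule(ConfigRule=...).
    # Scope.ComplianceResourceId is the console's "Resource identifier";
    # for S3 buckets the resource ID is the bucket name.
    return {
        "ConfigRuleName": rule_name,
        "Scope": {
            "ComplianceResourceTypes": ["AWS::S3::Bucket"],
            "ComplianceResourceId": bucket_name,
        },
        "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_RULE},
    }


def out_of_scope(rule, evaluation_results):
    # Return (type, id) of every evaluated resource outside the rule's
    # Scope; an empty list means the scope was honored.
    scope = rule.get("Scope", {})
    types = set(scope.get("ComplianceResourceTypes", []))
    wanted = scope.get("ComplianceResourceId")
    bad = []
    for res in evaluation_results:
        q = res["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        if (types and q["ResourceType"] not in types) or (
            wanted and q["ResourceId"] != wanted
        ):
            bad.append((q["ResourceType"], q["ResourceId"]))
    return bad


def _result(rtype, rid, compliance):
    # Constructed result in the shape of
    # get_compliance_details_by_config_rule()["EvaluationResults"][i].
    qualifier = {"ResourceType": rtype, "ResourceId": rid}
    return {
        "EvaluationResultIdentifier": {"EvaluationResultQualifier": qualifier},
        "ComplianceType": compliance,
    }


# Constructed: rule scoped to "logs-bucket", but three buckets were evaluated.
SAMPLE_RESULTS = [
    _result("AWS::S3::Bucket", "logs-bucket", "COMPLIANT"),
    _result("AWS::S3::Bucket", "website-bucket", "NON_COMPLIANT"),
    _result("AWS::S3::Bucket", "backup-bucket", "COMPLIANT"),
]
```

Running `out_of_scope(scoped_rule("s3-public-read-logs-bucket", "logs-bucket"), SAMPLE_RESULTS)` on real results pulled with boto3 gives a quick regression check that the fix holds in your account.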

jongogogo commented 4 years ago

Hi, I just gave it a try. I observed the same unintended behavior. Let me raise it to the team.

jongogogo commented 4 years ago

Got a heads up, it has been fixed. Please reopen an issue if anything. Thanks!