awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

Adding a Config Rule to test for External Account in S3 bucket policies #372

Open aepmont opened 2 years ago

aepmont commented 2 years ago

I confirm these files are made available under CC0 1.0 Universal (https://creativecommons.org/publicdomain/zero/1.0/legalcode)

Issue #, if available:

Description of changes:

Adding a Config rule which checks the given resource policy of an S3 bucket and ensures the S3 bucket is owned by the same account organisational unit. If the account ID is not identified in the given organisational unit then it's identified as NON_COMPLIANT.
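
A sketch of the check described above, added here as an illustration and not taken from the pull request: it flags any `Allow` statement in a bucket policy whose AWS principal is outside a supplied set of organisational-unit account IDs. The function names, the sample policy and the account IDs are constructed, and the OU membership is assumed to be passed in as a set rather than looked up.

```python
import json
import re

# Bare 12-digit account ID, or the account field of an IAM/STS principal ARN.
_ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

# Constructed sample: the account IDs and bucket name are placeholders.
OU_ACCOUNTS = {"111111111111", "222222222222"}
SAMPLE_POLICY = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Principal": {"AWS": ["222222222222", "arn:aws:iam::999999999999:role/etl"]}},
]})


def principal_accounts(statement):
    """Return account IDs named as AWS principals; '*' stands for anyone."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return {"*"}
    values = principal.get("AWS", [])  # Service/Federated principals are ignored
    if isinstance(values, str):
        values = [values]
    accounts = set()
    for value in values:
        match = _ACCOUNT_RE.match(value)
        # Fail closed: '*' and anything unparseable is kept and treated as external.
        accounts.add(match.group(1) if match else value)
    return accounts


def evaluate_bucket_policy(policy_json, ou_account_ids):
    """Return (compliance_type, annotation) for one bucket policy document."""
    if not policy_json:
        return "COMPLIANT", "Bucket has no policy"
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be in a list
        statements = [statements]
    external = set()
    for statement in statements:
        if statement.get("Effect") != "Allow":
            continue  # Deny statements do not grant access
        external |= principal_accounts(statement) - set(ou_account_ids)
    if external:
        return "NON_COMPLIANT", "Principals outside the OU: " + ", ".join(sorted(external))
    return "COMPLIANT", "All AWS principals belong to the OU"
```

For the constructed sample, `evaluate_bucket_policy(SAMPLE_POLICY, OU_ACCOUNTS)` reports `NON_COMPLIANT` and names account 999999999999. `NotPrincipal` and condition keys are not evaluated, so a wildcard principal is flagged even when a condition narrows it.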