Amazon S3
Overview
Critical
0High
5Medium
15Low
6Informational
0Security issues (26)
Severity | Non-Compliance | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|
High | — | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Medium | — | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 bucket is missing Public Access Block configuration. | To ensure that public access to all your S3 buckets and objects is blocked, turn on Public Access Block. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
High | — | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Medium | — | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket is missing Public Access Block configuration. | To ensure that public access to all your S3 buckets and objects is blocked, turn on Public Access Block. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | CIS 2.1.1 PCI DSS 3.5 HIPAA (Encryption) | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket server-side encryption is disabled. | Enable server-side encryption for S3 buckets to protect your data. | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
High | — | test-collector | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | test-collector | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | test-collector | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | test-collector | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
Medium | — | test-resources | Amazon S3 bucket is missing Public Access Block configuration. | To ensure that public access to all your S3 buckets and objects is blocked, turn on Public Access Block. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | test-resources | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | test-resources | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | test-resources | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
High | — | test-scanner | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | test-scanner | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | test-scanner | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | test-scanner | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
High | — | test-update | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | test-update | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | test-update | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | test-update | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info |
S3 Buckets (6)
Name | Region | Access | Creation date | Security issues |
---|---|---|---|---|
cf-templates-lqa4fy3xqyy2-us-west-2 | US West (Oregon) us-west-2 | Objects can be public | 1 High + 4 others (details) | |
elasticbeanstalk-us-east-1-531239714189 | US East (N. Virginia) us-east-1 | Objects can be public | 1 High + 4 others (details) | |
test-collector | US East (Ohio) us-east-2 | Bucket and objects not public | 1 High + 3 others (details) | |
test-resources | US East (N. Virginia) us-east-1 | Objects can be public | 3 Medium + 1 other (details) | |
test-scanner | US East (N. Virginia) us-east-1 | Bucket and objects not public | 1 High + 3 others (details) | |
test-update | US East (N. Virginia) us-east-1 | Objects can be public | 1 High + 3 others (details) |