Ensure that the Amazon S3 buckets configured for website hosting are regularly reviewed for security purposes. Upon enabling this rule in your Trend Cloud One™ – Conformity account, you must specify one or more Amazon S3 buckets that are expected to have website configuration enabled. Once the rule is active, the Conformity engine will scan your AWS cloud account and return review information for all S3 buckets.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
To host websites with Amazon S3, you have to configure an S3 bucket for hosting. By regularly reviewing your hosting-enabled S3 buckets, you make sure that only the desired buckets are accessible from the website endpoint.
Audit
To review Amazon S3 buckets with website configuration enabled, perform the following actions:
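One way to script this review with the AWS CLI, as an added example that is not Conformity's own procedure. It uses the real `s3api list-buckets` and `s3api get-bucket-website` commands. The variable `EXPECTED_WEBSITE_BUCKETS` and the function names are assumptions made for illustration, and the caller is assumed to hold `s3:ListAllMyBuckets` and `s3:GetBucketWebsite`.

```shell
#!/usr/bin/env bash
# Added example (not Conformity's code): flag S3 buckets whose website hosting
# state differs from an expected list. EXPECTED_WEBSITE_BUCKETS is an assumed,
# space-separated variable; the function names are hypothetical.

# Prints "<bucket> <status>" lines. Status is one of:
#   EXPECTED   hosting enabled and the bucket is on the list
#   UNEXPECTED hosting enabled but the bucket is not on the list
#   MISSING    on the list but no website configuration found
#   ERROR      the call failed for another reason (for example AccessDenied)
audit_website_buckets() {
  local expected buckets bucket out
  expected=" ${EXPECTED_WEBSITE_BUCKETS:-} "
  buckets=$(aws s3api list-buckets --query 'Buckets[].Name' --output text) || return 2
  for bucket in $buckets; do
    if out=$(aws s3api get-bucket-website --bucket "$bucket" 2>&1); then
      case "$expected" in
        *" $bucket "*) echo "$bucket EXPECTED" ;;
        *)             echo "$bucket UNEXPECTED" ;;
      esac
    else
      case "$out" in
        *NoSuchWebsiteConfiguration*)
          # Hosting is off; only worth reporting if the bucket was expected.
          case "$expected" in
            *" $bucket "*) echo "$bucket MISSING" ;;
          esac ;;
        # Any other failure is unknown state, never "hosting is off".
        *) echo "$bucket ERROR" ;;
      esac
    fi
  done
}

# Returns 0 when nothing needs review, 1 when a bucket is UNEXPECTED or ERROR,
# 2 when the bucket list itself could not be retrieved.
website_audit_ok() {
  local report
  report=$(audit_website_buckets) || return 2
  ! printf '%s\n' "$report" | grep -Eq ' (UNEXPECTED|ERROR)$'
}
```

Set `EXPECTED_WEBSITE_BUCKETS` to the buckets specified for the rule, source the file, and call `website_audit_ok`; the non-zero status lets the check gate a scheduled job or pipeline.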
Remediation / Resolution
When you disable website hosting, Amazon S3 removes the website configuration from your S3 buckets so that these buckets are no longer accessible from the website endpoint. To disable website hosting for your Amazon S3 buckets, perform the following actions: