AWS S3 Audit

The number of S3 buckets you run can grow quickly, and so can your pain points.

What do we do?

Access Logging Enabled

Check that S3 bucket access logging is enabled on the CloudTrail S3 bucket.

S3 Buckets Public Access Block

Check that the S3 bucket logs are not publicly accessible.

S3 Bucket Default Encryption

Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.

S3 Bucket Versioning Enabled

Check if S3 buckets have object versioning enabled.

S3 HTTPS Only

Check if S3 buckets have a secure transport policy.

S3 Does Not Allow Public Writes

Check if S3 buckets have policies which allow public WRITE access.

S3 Bucket Authenticated Users WRITE Access

Ensure S3 buckets do not allow WRITE access to AWS authenticated users through S3 ACLs.

DNS Compliant S3 Bucket Names

Ensure that your AWS S3 buckets are using DNS-compliant bucket names.

S3 Bucket MFA Delete Enabled

Ensure AWS S3 buckets have the MFA Delete feature enabled.

S3 Bucket Public Access Via Policy

Ensure AWS S3 buckets do not allow public access via bucket policies.

S3 Buckets Encrypted with Customer-Provided CMKs

Ensure that Amazon S3 buckets are encrypted with customer-provided AWS KMS CMKs.

S3 Buckets Lifecycle Configuration

Ensure Amazon S3 buckets have lifecycle configuration enabled for security and cost optimization purposes.

S3 Buckets with Website Configuration Enabled

Ensure S3 buckets with website configuration enabled are regularly reviewed (informational).

S3 Object Lock Enabled

Ensure that AWS S3 buckets use Object Lock for data protection and/or regulatory compliance.

S3 Transfer Acceleration

Ensure that Amazon S3 buckets use the Transfer Acceleration feature for faster data transfers.

S3 Bucket Public FULL_CONTROL Access

Ensure that your AWS S3 buckets are not publicly exposed to the Internet.

S3 Bucket Authenticated Users FULL_CONTROL Access

Ensure S3 buckets do not allow FULL_CONTROL access to AWS authenticated users via S3 ACLs.

S3 Bucket Public READ Access

Ensure AWS S3 buckets do not allow public READ access.

S3 Bucket Authenticated Users READ Access

Ensure S3 buckets do not allow READ access to AWS authenticated users through ACLs.

S3 Bucket Public READ_ACP Access

Ensure AWS S3 buckets do not allow public READ_ACP access.

S3 Bucket Authenticated Users READ_ACP Access

Ensure AWS S3 buckets do not allow READ_ACP access to AWS authenticated users using ACLs.

S3 Bucket Public WRITE_ACP Access

Ensure AWS S3 buckets do not allow public WRITE_ACP access.

S3 Bucket Authenticated Users WRITE_ACP Access

Ensure AWS S3 buckets do not allow WRITE_ACP access to AWS authenticated users using ACLs.

Server Side Encryption

Ensure AWS S3 buckets enforce Server-Side Encryption (SSE).


If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend a comprehensive checklist that your team can use to perform a manual assessment of your workload.