s3-bucket-server-side-encryption-enabled

Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service.

Identifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED

Trigger type: Configuration changes

AWS Region: All supported AWS Regions

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

s3-bucket-replication-enabled

s3-bucket-ssl-requests-only