s3-bucket-server-side-encryption-enabled

Checks if your Amazon S3 bucket either has the Amazon S3 default encryption enabled or that the Amazon S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service. The rule is NON_COMPLIANT if your Amazon S3 bucket is not encrypted by default.

Identifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED

Resource Types: AWS::S3::Bucket

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Europe (Spain), Europe (Zurich) Region

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

s3-bucket-replication-enabled

s3-bucket-ssl-requests-only