s3-account-level-public-access-blocks - AWS Config


s3-account-level-public-access-blocks

Checks if the required public access block settings are configured at the account level. The rule is only NON_COMPLIANT when the fields set below do not match the corresponding fields in the configuration item.

Note

If you are using this rule, ensure that S3 Block Public Access is enabled. The rule is change-triggered, so it will not be invoked unless S3 Block Public Access is enabled. If S3 Block Public Access is not enabled, the rule returns INSUFFICIENT_DATA. This means that you still might have some public buckets. For more information about setting up S3 Block Public Access, see Blocking public access to your Amazon S3 storage.

Identifier: S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS

Trigger type: Configuration changes (current status not checked, only evaluated when changes generate new events)

Note

This rule is only triggered by configuration changes for the specific region where the S3 endpoint is located. In all other regions, the rule is checked periodically. If a change was made in another region, there could be a delay before the rule returns NON_COMPLIANT.

AWS Region: All supported AWS Regions except the Europe (Milan) and Middle East (Bahrain) Regions

Parameters:

IgnorePublicAcls (Optional)
Type: String
Default: True

Whether IgnorePublicAcls is enforced. Default: True.

BlockPublicPolicy (Optional)
Type: String
Default: True

Whether BlockPublicPolicy is enforced. Default: True.

BlockPublicAcls (Optional)
Type: String
Default: True

Whether BlockPublicAcls is enforced. Default: True.

RestrictPublicBuckets (Optional)
Type: String
Default: True

Whether RestrictPublicBuckets is enforced. Default: True.
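
The comparison described above, modelled locally as an added example (this is not AWS's implementation of the rule): each parameter string is parsed and matched against the account-level setting of the same name, and a missing account configuration yields INSUFFICIENT_DATA. The function names, the input dict shape (keyed by the parameter names listed above), and treating an absent field as False are assumptions.

```python
"""Local model of the comparison this rule performs (added example, not AWS's code)."""

# The four rule parameters documented above; each is a string defaulting to "True".
FIELDS = ("IgnorePublicAcls", "BlockPublicPolicy", "BlockPublicAcls", "RestrictPublicBuckets")


def parse_flag(value):
    """Convert a rule parameter string ("True"/"False", any case) to a bool."""
    text = str(value).strip().lower()
    if text not in ("true", "false"):
        raise ValueError(f"parameter must be 'True' or 'False', got {value!r}")
    return text == "true"


def evaluate(account_pab, rule_params=None):
    """Return (compliance, mismatched_fields).

    account_pab: dict keyed by the four field names (assumed shape), or None
                 when the account has no public access block configuration.
    rule_params: optional overrides for the rule parameters (strings).
    """
    if account_pab is None:
        # Nothing is recorded for the account, so there is nothing to compare.
        return "INSUFFICIENT_DATA", []
    params = rule_params or {}
    unknown = set(params) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown rule parameters: {sorted(unknown)}")
    mismatched = []
    for field in FIELDS:
        required = parse_flag(params.get(field, "True"))
        # Assumption: a field absent from the account configuration counts as False.
        actual = bool(account_pab.get(field, False))
        if actual != required:
            mismatched.append(field)
    return ("NON_COMPLIANT" if mismatched else "COMPLIANT"), mismatched


# Constructed sample: an account where RestrictPublicBuckets was switched off.
SAMPLE_ACCOUNT = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": False,
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACCOUNT))
    print(evaluate(None))
```

The list of mismatched fields is the useful part when triaging a NON_COMPLIANT result: it names exactly which account-level setting drifted from the value the rule was configured to expect.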

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.