Simple Storage Service (S3)

Filters

• Standard Value Filter (see Generic Filters)

global-grants

Check bucket acls for global grants

Schema:

{
  "allow_website": {
    "type": "boolean"
  },
  "operator": {
    "enum": [
      "or",
      "and"
    ],
    "type": "string"
  },
  "permissions": {
    "items": {
      "enum": [
        "READ",
        "WRITE",
        "WRITE_ACP",
        "READ_ACP",
        "FULL_CONTROL"
      ],
      "type": "string"
    },
    "type": "array"
  }
}

missing-policy-statement

Find buckets missing a set of named policy statements

Schema:

{
  "statement_ids": {
    "items": {
      "type": "string"
    },
    "type": "array"
  }
}

Actions

encrypt-keys

Scan all keys in a bucket and optionally encrypt them in place

Schema:

{
  "crypto": {
    "enum": [
      "AES256",
      "aws:kms"
    ]
  },
  "glacier": {
    "type": "boolean"
  },
  "key-id": {
    "type": "string"
  },
  "large": {
    "type": "boolean"
  },
  "report-only": {
    "type": "boolean"
  }
}

encryption-policy

Attach an encryption required policy to a bucket, this will break applications that are not using encryption, including AWS log delivery

Schema:

{}

delete-global-grants

Delete global grants from bucket ACLs

Schema:

{
  "grantees": {
    "items": {
      "type": "string"
    },
    "type": "array"
  }
}

no-op

No operation

Schema:

{}