File tree 2 files changed +27
-0
lines changed
packages/@aws-cdk/aws-config
2 files changed +27
-0
lines changed Original file line number Diff line number Diff line change @@ -1136,6 +1136,13 @@ export class ManagedRuleIdentifiers {
11361136 * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks.html
11371137 */
11381138 public static readonly S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS = 'S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS' ;
1139+ /**
1140+ * Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible. This rule is
1141+ * NON_COMPLIANT if an Amazon S3 bucket is not listed in the excludedPublicBuckets parameter and bucket level
1142+ * settings are public.
1143+ * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-level-public-access-prohibited.html
1144+ */
1145+ public static readonly S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED = 'S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED' ;
11391146 /**
11401147 * Checks that the Amazon Simple Storage Service bucket policy does not allow
11411148 * blocked bucket-level and object-level actions on resources in the bucket
Original file line number Diff line number Diff line change @@ -165,3 +165,23 @@ describe('ec2 instance', () => {
165165 } ) ;
166166 } ) ;
167167} ) ;
168+
169+ describe ( 's3 bucket level' , ( ) => {
170+ test ( 'public access prohibited' , ( ) => {
171+ // GIVEN
172+ const stack = new cdk . Stack ( ) ;
173+
174+ // WHEN
175+ new config . ManagedRule ( stack , 'S3BucketLevelPublicAccessProhibited' , {
176+ identifier : config . ManagedRuleIdentifiers . S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED ,
177+ } ) ;
178+
179+ // THEN
180+ Template . fromStack ( stack ) . hasResourceProperties ( 'AWS::Config::ConfigRule' , {
181+ Source : {
182+ Owner : 'AWS' ,
183+ SourceIdentifier : config . ManagedRuleIdentifiers . S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED ,
184+ } ,
185+ } ) ;
186+ } ) ;
187+ } ) ;
You can’t perform that action at this time.
0 commit comments