S3 Access Analyzer for S3
E459742
S3 Access Analyzer for S3 is an AWS security feature that continuously analyzes Amazon S3 bucket access policies to identify and highlight buckets and objects that are publicly or cross-account accessible.
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf | AWS service feature; Amazon S3 security feature; cloud security feature |
| analyzes | Amazon S3 access control lists; Amazon S3 access points; Amazon S3 bucket access policies; Amazon S3 bucket policies |
| benefit | helps enforce least privilege access to S3; helps identify unintended data exposure; simplifies review of S3 access policies |
| configuredVia | AWS Command Line Interface; AWS Management Console; AWS SDKs; Amazon S3 console |
| developedBy | Amazon Web Services |
| exposes | findings in S3 console; findings via AWS CLI; findings via AWS SDKs |
| feature | automated detection of S3 buckets shared with AWS organizations; automated detection of S3 buckets shared with anonymous users; automated detection of S3 buckets shared with federated users; automated detection of S3 buckets shared with other AWS accounts; automated detection of public S3 buckets; automated detection of public S3 objects; continuous analysis of S3 access configurations; findings for cross-account access; findings for public access; integration with AWS Management Console; integration with Amazon S3 console; organization-level analyzers; policy evaluation against security best practices; region-level analyzers; visibility into external access to S3 resources |
| partOf | AWS Identity and Access Management Access Analyzer ecosystem; AWS security services; Amazon S3 |
| purpose | help prevent unintended public access to S3 data; identify cross-account accessible S3 buckets; identify cross-account accessible S3 objects; identify publicly accessible S3 buckets; identify publicly accessible S3 objects; improve S3 security posture |
| scope | Amazon S3 buckets; Amazon S3 objects; S3 access control lists; S3 access points; S3 bucket policies |
| supports | AWS Organizations integration |
| uses | AWS CloudTrail for auditing changes to access policies; IAM Access Analyzer analyzers |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.