S3
Caligo provides the following security rules for AWS S3:
S3 buckets should have server access logging enabled
Buckets should be configured with block public access settings
S3 buckets should have versioning enabled to help recover from data loss
S3 buckets should have at-rest server side encryption enabled by default
S3 buckets should deny HTTP requests
S3 buckets should have MFA delete enabled in the bucket versioning configuration
S3 buckets should not be publicly readable
S3 buckets should not be publicly writable
Last updated