S3

Caligo provides the following security rules for AWS S3:

• S3 buckets should have server access logging enabled

• Buckets should be configured with block public access settings

• S3 buckets should have versioning enabled to help recover from data loss

• S3 buckets should have at-rest server side encryption enabled by default

• S3 buckets should deny HTTP requests

• S3 buckets should have MFA delete enabled in the bucket versioning configuration

• S3 buckets should not be publicly readable

• S3 buckets should not be publicly writable