AWS Config Update – New Managed Rules to Secure S3 Buckets
AWS Config captures the state of your AWS resources and the relationships between them. Among other features, it allows you to select a resource and then view a timeline of configuration changes that affect the resource (read Track AWS Resource Relationships With AWS Config to learn more).
You already have access to about three dozen managed rules. For example, some of the rules check your EC2 instances and related resources.
Two New Rules
Today we are adding two new managed rules that will help you to secure your S3 buckets. You can enable these rules with a single click. The new rules are:
s3-bucket-public-write-prohibited – Automatically identifies buckets that allow global write access. There’s rarely a reason to create this configuration intentionally since it allows unauthorized users to add malicious content to buckets and to delete (by overwriting) existing content. The rule checks all of the buckets in the account.
s3-bucket-public-read-prohibited – Automatically identifies buckets that allow global read access. This will flag content that is publicly available, including web sites and documentation. This rule also checks all buckets in the account.
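To make "global read" and "global write" concrete, here is an added Python example (not AWS code, and not how the managed rules are implemented) that classifies a bucket from its ACL grants and bucket policy. It assumes input shaped like the S3 bucket ACL grant list and bucket policy JSON; the function names are hypothetical, the sample data is constructed, and it ignores Deny statements, NotPrincipal/NotAction and Block Public Access settings.

```python
import fnmatch

# Added example; names below are hypothetical, sample data is constructed.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
ACL_PERMS = {"read": {"READ", "READ_ACP", "FULL_CONTROL"},
             "write": {"WRITE", "WRITE_ACP", "FULL_CONTROL"}}
POLICY_ACTIONS = {"read": ("s3:GetObject", "s3:ListBucket"),
                  "write": ("s3:PutObject", "s3:DeleteObject",
                            "s3:PutObjectAcl", "s3:PutBucketAcl")}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # Both "*" and {"AWS": "*"} mean "anyone" in a bucket policy.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _grants(patterns, actions):
    # IAM action names are case-insensitive and may contain wildcards.
    return any(fnmatch.fnmatchcase(a.lower(), p.lower())
               for p in patterns for a in actions)

def public_access(acl, policy=None):
    """Return the kinds of access ("read", "write") granted to everyone."""
    found = set()
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") == ALL_USERS:
            found |= {k for k, perms in ACL_PERMS.items()
                      if grant.get("Permission") in perms}
    for stmt in _as_list((policy or {}).get("Statement", [])):
        # Simplification: conditioned statements are not treated as public.
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _is_public(stmt.get("Principal")):
            patterns = _as_list(stmt.get("Action", []))
            found |= {k for k, acts in POLICY_ACTIONS.items()
                      if _grants(patterns, acts)}
    return found

if __name__ == "__main__":
    sample_acl = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                              "Permission": "WRITE"}]}
    sample_policy = {"Statement": [{"Effect": "Allow", "Principal": "*",
                                    "Action": "s3:Get*",
                                    "Resource": "arn:aws:s3:::example-bucket/*"}]}
    print(sorted(public_access(sample_acl, sample_policy)))
```

Because conditioned statements are skipped, a policy that is public only under a condition is not reported here and needs a separate review.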
Like the existing rules, the new rules can be run in response to changes detected by Config. You can see the compliance status of all of your rules at a glance.
Each evaluation runs in a matter of milliseconds; scanning an account with 100 buckets will take less than a minute. Behind the scenes, the rules are evaluated by a reasoning engine that uses some leading-edge constraint solving techniques that can, in many cases, address NP-complete problems in polynomial time (we did not resolve P versus NP; that would be far bigger news). This work is part of a larger effort within AWS, some of which is described in an AWS re:Invent presentation, Automated Formal Reasoning About AWS Systems.
Now Available
The new rules are available now and you can start using them today. Like the other rules, they are priced at $2 per rule per month.
— Jeff;