Python: 4 rules to detect security misconfigurations of S3 buckets managed with AWS CDK

Hello Infrastructure / CloudFormation developers,

We started the support of AWS CDK for Python and added 4 new rules to help you write more secure infrastructures. In case you missed it, we already cover AWS IaC CloudFormation

The new rules are targeting the S3 bucket resources and we plan to extend this support to other AWS resources already covered by our CloudFormation rules.

  • S6281: Allowing public ACLs or policies on a S3 bucket is security-sensitive
  • S6245: Disabling server-side encryption of S3 buckets is security-sensitive
  • S6252: Disabling versioning of S3 buckets is security-sensitive
  • S6265: Granting access to S3 buckets to all or authenticated users is security-sensitive

Alex

2 Likes