Fugue.AWS.S3.Compliance

Module Members

bucketPolicyNotWildcard

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (Bucket) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Bucket) -> Validation

bucketRequireSecureTransport

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (Bucket) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Bucket) -> Validation

bucketRequireServerSideEncryption

(Function)

Require that a bucket uses server-side encryption. To do this, we check whether the bucket policy requires the s3:x-amz-server-side-encryption header to be set to AES256 for s3:PutObject.

Unfortunately, this does not work with ELBv2 Application Load Balancers that have their access logs written to S3 buckets. These ALBs fail to work with this policy in place, even though they do use encryption. For that reason, we do not validate buckets that are used as access log buckets for an ALB.

Type Signature

 fun { references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (NodeStream) -> Validation
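
The policy check described for bucketRequireServerSideEncryption, sketched in Python as an added example (not Fugue's own code). It assumes the common policy shape of a Deny on s3:PutObject with a StringNotEquals condition on the header; the function names and the is_alb_access_log_bucket flag are hypothetical.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"

def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _covers_put_object(actions):
    return any(a.lower() in ("s3:putobject", "s3:*", "*") for a in _as_list(actions))

def statement_requires_aes256(stmt):
    """True if stmt denies s3:PutObject to everyone unless the SSE header is AES256."""
    if stmt.get("Effect") != "Deny" or "Action" not in stmt:
        return False
    if not _covers_put_object(stmt["Action"]):
        return False
    principal = stmt.get("Principal")
    if principal != "*" and principal != {"AWS": "*"}:
        return False
    cond = stmt.get("Condition", {}).get("StringNotEquals", {})
    # Condition key names are case-insensitive in IAM; the value is matched exactly.
    values = [v for k, v in cond.items() if k.lower() == SSE_KEY]
    return any(_as_list(v) == ["AES256"] for v in values)

def bucket_requires_sse(policy_json, is_alb_access_log_bucket=False):
    """Return (ok, reason). ALB access log buckets are skipped, as the page describes."""
    if is_alb_access_log_bucket:
        return True, "skipped: ALB access log bucket"
    if not policy_json:
        return False, "no bucket policy"
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    if any(statement_requires_aes256(s) for s in statements):
        return True, "policy denies unencrypted s3:PutObject"
    return False, "no statement requires AES256 on s3:PutObject"

# Constructed sample policies (the bucket name is a placeholder).
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringNotEquals": {SSE_KEY: "AES256"}}}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
```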