S3 buckets should have event notifications enabled

Severity: Medium

Resource Types: AWS::S3::Bucket

Description

This control checks whether S3 Event Notifications are enabled on an Amazon S3 bucket. This control fails if S3 Event Notifications are not enabled on a bucket.

By enabling Event Notifications, you receive alerts on your Amazon S3 buckets when specific events occur. For example, you can be notified of object creation, object removal, and object restoration. These notifications can alert relevant teams to accidental or intentional modifications that may lead to unauthorized data access.

Remediation

For more information on detecting changes to S3 buckets and objects, see Amazon S3 Event Notifications in the Amazon S3 User Guide.

S3 buckets should have event notifications enabled

Description​

Remediation​

Description

Remediation