Can aws config query check if bucket is enabled for static website hosting #44

Open
nspacer opened this issue Mar 29, 2023 · 3 comments

nspacer commented Mar 29, 2023

Hi,

I do have a query: I don't find any properties where config query can check if AWS S3 has static website enabled or not. I think this is very much needed. In an organization where we have more than 10K buckets, from a security standpoint we don't know which one is enabled as static website hosting.

Is there any other way we can check this?

@iainelder

Have you tried the supplementaryConfiguration.BucketWebsiteConfiguration property?

```
"supplementaryConfiguration.BucketWebsiteConfiguration.errorDocument": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.indexDocumentSuffix": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.redirectAllRequestsTo.hostName": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.redirectAllRequestsTo.protocol": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.condition.httpErrorCodeReturnedEquals": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.condition.keyPrefixEquals": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.redirect.hostName": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.redirect.httpRedirectCode": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.redirect.protocol": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.redirect.replaceKeyPrefixWith": "string",
"supplementaryConfiguration.BucketWebsiteConfiguration.routingRules.redirect.replaceKeyWith": "string",
```


nspacer commented Mar 29, 2023

Yes, unfortunately doing it in this way only. What I understood is that to get the website config for a bucket, this GET action requires the S3:GetBucketWebsite permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the S3:GetBucketWebsite permission.

So it is not possible to get the config directly and there is no property available in config query directly for this. I am planning to check this supplementaryConfiguration.BucketWebsiteConfiguration.indexDocumentSuffix.

The idea is if any bucket is website hosting, they need to give the index document.


iainelder commented Mar 29, 2023

Yes, at the S3 API level, the GetBucketWebsite API gives a complete description of the website configuration, or a NoSuchWebsiteConfiguration error.

If you need to inspect the exact response from the GetBucketWebsite API, then AWS Config isn't the right tool. It does call that API, but it reformats the data.

Behind the scenes, the AWS Config configuration recorder calls the GetBucketWebsite API and many others to build up a view of the bucket's configuration state. (You can check this by looking in CloudTrail for API calls made by the configuration recorder.) The response data is restructured for the ease of querying.

> I am planning to check this supplementaryConfiguration.BucketWebsiteConfiguration.indexDocumentSuffix. The idea is if any bucket is website hosting, they need to give the index document.

That sounds like a good approach when using Advanced Query.
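
An added example, not part of the original thread or the project's code: one way to inventory website-enabled buckets from Advanced Query results across an organization. It goes slightly beyond the index-document check discussed above, because a website configuration that only redirects all requests carries `redirectAllRequestsTo` and no index document. The aggregator name parameter and the sample rows are assumptions constructed for illustration.

```python
import json

# Advanced Query expression. Both selected properties appear in the schema
# listing quoted in the thread; filtering is done client-side.
_WEB = "supplementaryConfiguration.BucketWebsiteConfiguration"
QUERY = (
    "SELECT resourceId, accountId, awsRegion, "
    f"{_WEB}.indexDocumentSuffix, {_WEB}.redirectAllRequestsTo.hostName "
    "WHERE resourceType = 'AWS::S3::Bucket'"
)

def website_mode(row):
    """Return 'index', 'redirect' or None for one decoded result row."""
    cfg = (row.get("supplementaryConfiguration") or {}).get("BucketWebsiteConfiguration")
    if not isinstance(cfg, dict):
        return None  # property absent: no website configuration recorded
    if cfg.get("indexDocumentSuffix"):
        return "index"
    if (cfg.get("redirectAllRequestsTo") or {}).get("hostName"):
        return "redirect"
    return None

def website_buckets(results):
    """results: list of JSON strings, the shape of the API's 'Results' field."""
    found = []
    for raw in results:
        row = json.loads(raw)
        mode = website_mode(row)
        if mode:
            found.append((row.get("accountId"), row["resourceId"], mode))
    return sorted(found)

def run_query(aggregator_name):
    """Page through an aggregator query. Needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the parsing above runs offline
    client = boto3.client("config")
    kwargs = {"Expression": QUERY, "ConfigurationAggregatorName": aggregator_name}
    results = []
    while True:
        page = client.select_aggregate_resource_config(**kwargs)
        results.extend(page["Results"])
        if not page.get("NextToken"):
            return results
        kwargs["NextToken"] = page["NextToken"]

# Constructed sample rows (not real buckets or accounts).
SAMPLE = [
    '{"resourceId":"docs-site","accountId":"111111111111","supplementaryConfiguration":{"BucketWebsiteConfiguration":{"indexDocumentSuffix":"index.html"}}}',
    '{"resourceId":"old-domain","accountId":"222222222222","supplementaryConfiguration":{"BucketWebsiteConfiguration":{"redirectAllRequestsTo":{"hostName":"example.com"}}}}',
    '{"resourceId":"logs","accountId":"111111111111"}',
]
```

`website_buckets(SAMPLE)` reports `docs-site` as `index` and `old-domain` as `redirect`; in a real account, pass the output of `run_query(...)` instead.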
