s3-bucket-server-side-encryption-enabled
Checks if your Amazon S3 bucket either has the Amazon S3 default encryption enabled
or that the Amazon S3 bucket policy explicitly denies put-object
requests without server side encryption that uses AES-256 or Amazon Key Management Service.
The rule is NON_COMPLIANT if your Amazon S3 bucket is not encrypted by default.
Identifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
Resource Types: AWS::S3::Bucket
Trigger type: Configuration changes
Amazon Web Services Region: All supported Amazon regions except Europe (Spain) Region
Parameters:
- None
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.