s3-resources-in-logically-air-gapped-vault - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

s3-resources-in-logically-air-gapped-vault

Checks if Amazon Simple Storage Service (Amazon S3) buckets are in a logically air-gapped vault. The rule is NON_COMPLIANT if an Amazon S3 bucket is not in a logically air-gapped vault within the specified time period.

Identifier: S3_RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT

Resource Types: AWS::S3::Bucket

Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions

Parameters:

resourceTags (Optional)
Type: String

Tags of Amazon S3 bucket for the rule to check, in JSON format.

resourceId (Optional)
Type: String

Name of Amazon S3 bucket for the rule to check.

recoveryPointAgeValue (Optional)
Type: int
Default: 1

Numerical value for maximum allowed age. No more than 2184 for hours, 91 for days.

recoveryPointAgeUnit (Optional)
Type: String
Default: days

Unit of time for maximum allowed age. Accepted values: 'hours', 'days'.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.