s3-resources-in-logically-air-gapped-vault
Checks if Amazon Simple Storage Service (Amazon S3) buckets are in a logically air-gapped vault. The rule is NON_COMPLIANT if an Amazon S3 bucket is not in a logically air-gapped vault within the specified time period.
Identifier: S3_RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT
Resource Types: AWS::S3::Bucket
Trigger type: Periodic
Amazon Web Services Region: All supported Amazon regions
Parameters:
- resourceTags (Optional)
  - Type: String
  - Tags of Amazon S3 bucket for the rule to check, in JSON format.
- resourceId (Optional)
  - Type: String
  - Name of Amazon S3 bucket for the rule to check.
- recoveryPointAgeValue (Optional)
  - Type: int
  - Default: 1
  - Numerical value for maximum allowed age. No more than 2184 for hours, 91 for days.
- recoveryPointAgeUnit (Optional)
  - Type: String
  - Default: days
  - Unit of time for maximum allowed age. Accepted values: 'hours', 'days'.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.
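The following added example (not part of the original documentation) checks the rule parameters against the limits listed above and renders a CloudFormation template, in JSON form, that deploys the rule. The function names, the logical ID, the lower bound of 1 and passing parameter values as strings are assumptions of this example.

```python
import json

SOURCE_IDENTIFIER = "S3_RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT"
# Upper bounds for recoveryPointAgeValue as stated in the parameter list.
MAX_AGE = {"hours": 2184, "days": 91}


def build_input_parameters(age_value=1, age_unit="days",
                           resource_id=None, resource_tags_json=None):
    """Validate the rule parameters and return the InputParameters mapping."""
    if age_unit not in MAX_AGE:
        raise ValueError(f"recoveryPointAgeUnit must be one of {sorted(MAX_AGE)}")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(age_value, bool) or not isinstance(age_value, int):
        raise ValueError("recoveryPointAgeValue must be an int")
    # Lower bound of 1 is an assumption; the page only states the maximum.
    if not 1 <= age_value <= MAX_AGE[age_unit]:
        raise ValueError(
            f"recoveryPointAgeValue must be 1..{MAX_AGE[age_unit]} for {age_unit}")
    params = {"recoveryPointAgeValue": str(age_value),
              "recoveryPointAgeUnit": age_unit}
    if resource_id:
        params["resourceId"] = resource_id
    if resource_tags_json:
        json.loads(resource_tags_json)  # raises ValueError if not valid JSON
        params["resourceTags"] = resource_tags_json
    return params


def build_template(logical_id="S3AirGappedVaultRule", **kwargs):
    """Return a CloudFormation template (as a dict) that deploys the rule."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            logical_id: {
                "Type": "AWS::Config::ConfigRule",
                "Properties": {
                    "ConfigRuleName": "s3-resources-in-logically-air-gapped-vault",
                    "Source": {"Owner": "AWS",
                               "SourceIdentifier": SOURCE_IDENTIFIER},
                    "InputParameters": build_input_parameters(**kwargs),
                },
            }
        },
    }


if __name__ == "__main__":
    # Constructed example: require a recovery point no older than 48 hours.
    print(json.dumps(build_template(age_value=48, age_unit="hours"), indent=2))
```

Rejecting out-of-range values before deployment avoids shipping a rule whose recovery point window is not the one intended.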