Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product featuresEnsure that your Amazon S3 buckets with website configuration enabled are regularly reviewed for security purposes. Upon enabling this rule on Cloud Conformity dashboard, you must specify one or more S3 buckets that are expected to have website configuration enabled. Once the rule is active, Cloud Conformity engine will scan your AWS account and will return review information for all S3 buckets.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
To host website on AWS S3 you need to configure a bucket as website by adding the necessary configuration. By regularly reviewing these S3 buckets you make sure that only the desired buckets are accessible from the website endpoint.
To identify all Amazon S3 buckets with website configuration enabled for review purposes, perform the following:
01 Sign in to the AWS Management Console.
02 Navigate to S3 dashboard at https://console.aws.amazon.com/s3/.
03 Click on the name (link) of the S3 bucket that you want to examine to access the bucket configuration.
04 Select Properties tab from the S3 dashboard top menu and check the Static website hosting feature status. If the feature current status is Bucket hosting, the selected AWS S3 bucket is configured for website hosting.
05 Now open your Cloud Conformity console, select the conformity rule and compare the name of the S3 bucket verified at the previous step against each name listed within the configuration section of the rule. If the selected bucket name is not listed in the configuration section, the S3 bucket should be reviewed in order to decide whether to disable or not the website hosting feature.
06 Repeat steps no. 3 - 5 to check other S3 buckets, available in your AWS account, for review purposes.
01 Run list-buckets command (OSX/Linux/UNIX) using custom query filters to list all existing S3 buckets available in your AWS account:
aws s3api list-buckets --query 'Buckets[*].Name'
02 The command output should return the names of your S3 buckets:
[
"cloud-conformity-docs",
"cloud-conformity-data-reports",
"cloud-conformity-media-library"
]
03 Run get-bucket-website command (OSX/Linux/UNIX) using the name of the S3 bucket returned at the previous step as identifier to retrieve the website configuration associated with the selected bucket:
aws s3api get-bucket-website --bucket cloud-conformity-docs
04 The command output should return the requested website configuration details or the S3 NoSuchWebsiteConfiguration error message if the feature is not currently enabled:
{
"IndexDocument": {
"Suffix": "index.html"
}
}
05 Now access your Cloud Conformity console, select the rule and compare the name of the S3 bucket verified earlier against each name listed within the configuration section of the rule. If the selected bucket name is not listed in the configuration section, the S3 bucket should be reviewed in order to decide whether to disable or not the website hosting feature.
06 Repeat steps no. 3 - 5 to check other S3 buckets, available in your AWS account, for review purposes.
When you disable S3 website hosting, Amazon S3 service removes the website configuration from your buckets so that these buckets are no longer accessible from the website endpoint. To disable website hosting for your S3 buckets, perform the following:
01 Sign in to the AWS Management Console.
02 Navigate to S3 dashboard at https://console.aws.amazon.com/s3/.
03 Click on the name (link) of the S3 bucket that you want to reconfigure (see Audit section part I to identify the right resource).
04 Select the Properties tab from the S3 dashboard top menu and click on the Static website hosting feature configuration box.
05 Inside Static website hosting configuration box, select Disable website hosting option then click Save to apply the changes. Once the feature is disabled, the selected AWS S3 bucket contents are no longer accessible from the website endpoint.
06 Repeat steps no. 3 – 5 to disable website hosting for other S3 buckets available in your AWS account.
01 Run delete-bucket-website command (OSX/Linux/UNIX) using the name of the S3 bucket that you want to reconfigure (see Audit section part II to identify the right S3 resource) to remove the website configuration from the selected bucket (the command does not produce an output):
aws s3api delete-bucket-website --bucket cloud-conformity-docs
02 Repeat step no. 1 to disable website hosting for other S3 buckets provisioned within your AWS account.
Whether your AWS exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Cloud Conformity offers full visibility of your infrastructure and provides continuous assurance it’s secure, optimized and compliant.
Chat with us to set up your onboarding session and start a free trial.
Let’s Chat