Ensure that your Amazon S3 buckets with website configuration enabled are regularly reviewed for security purposes. Upon enabling this rule on Cloud Conformity dashboard, you must specify one or more S3 buckets that are expected to have website configuration enabled. Once the rule is active, Cloud Conformity engine will scan your AWS account and will return review information for all S3 buckets.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
To host website on AWS S3 you need to configure a bucket as website by adding the necessary configuration. By regularly reviewing these S3 buckets you make sure that only the desired buckets are accessible from the website endpoint.
To identify all Amazon S3 buckets with website configuration enabled for review purposes, perform the following:
When you disable S3 website hosting, Amazon S3 service removes the website configuration from your buckets so that these buckets are no longer accessible from the website endpoint. To disable website hosting for your S3 buckets, perform the following: