09 - S3 Object Lock

Ensure your sensitive S3 buckets have object lock enabled

Ensure that your S3 buckets have object lock enabled to ensure sensitive objects are not accidentally or maliciously deleted. This is considered a security best practice and should always enabled on every bucket. Ensuring this is enabled will help with NIST,PCI-DSS, HIPPA and GDPR compliance.

Audit & Remediation

Login into your AWS account
Navigate to the S3 service at: https://console.aws.amazon.com/s3
On the left hand panel select Buckets.

Select the Name hyperlink for the S3 bucket you would like to check.
Under Properties scroll down to Advanced settings and select Object lock. If this is set to Disabled, then you will need to open up a support ticket with AWS to have them enable this. Object lock can only be enabled via console when the bucket is being created.

Repeat the outlined steps for each S3 bucket that you have.

See all of your AWS S3 Buckets in a single place!

Do you want to see all S3 Buckets in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.