AwsS3 - Amazon Security Hub
AwsS3AccountPublicAccessBlockAwsS3BucketAwsS3Object
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AwsS3

以下是AwsS3资源Amazon的安全查找格式的示例。

AwsS3AccountPublicAccessBlock

AwsS3AccountPublicAccessBlock提供了有关 Amazon S3 公有访问块块配置的信息。

以下示例显示AwsS3AccountPublicAccessBlock对象Amazon的安全结果格式 (ASFF)。要查看AwsS3AccountPublicAccessBlock属性的描述,请参阅 Amazon Security HubAPI 参考AccountPublicAccessBlockDetails中的 AWSS3

示例

"AwsS3AccountPublicAccessBlock": {
    "BlockPublicAcls": true,
    "BlockPublicPolicy": true,
    "IgnorePublicAcls": false,
    "RestrictPublicBuckets": true
}

AwsS3Bucket

AwsS3Bucket对象提供有关 Amazon S3 存储桶的详细信息。

以下示例显示AwsS3Bucket对象Amazon的安全结果格式 (ASFF)。要查看AwsS3Bucket属性的描述,请参阅 Amazon Security HubAPI 参考BucketDetails中的 AWSS3

示例

"AwsS3Bucket": {
    "OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
    "OwnerName": "s3bucketowner",
    "CreatedAt": "2007-11-30T01:46:56.000Z",
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256",
                    "KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
                }
            }
        ]
     },
    "BucketLifecycleConfiguration": {
       "Rules": [
           {
               "AbortIncompleteMultipartUpload": {
                   "DaysAfterInitiation": 5
               },
               "ExpirationDate": "2021-11-10T00:00:00.000Z",
               "ExpirationInDays": 365,
               "ExpiredObjectDeleteMarker": false,
               "Filter: {
                   "Predicate": {
                       "Operands": [
                           {
                               "Prefix": "tmp/",
                               "Type": "LifecyclePrefixPredicate"
                           },
                           {
                               "Tag": {
                                   "Key": "ArchiveAge",
                                   "Value": "9m"
                               },
                               "Type": "LifecycleTagPredicate"
                           }
                       ],
                       "Type": "LifecycleAndOperator"
                   }
               },
               "ID": "Move rotated logs to Glacier",
               "NoncurrentVersionExpirationInDays": -1,
               "NoncurrentVersionTransitions": [
                   {
                       "Days": 2,
                       "StorageClass": "GLACIER"
                   }
               ],
               "Prefix": "rotated/",
               "Status": "Enabled",
               "Transitions": [
                   {
                       "Date": "2020-11-10T00:00:00.000Z",
                       "Days": 100,
                       "StorageClass": "GLACIER"
                   }
               ]
           }
       ]
    },
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true,
    }
}

AwsS3Object

AwsS3Object对象提供有关 Amazon S3 对象的信息。

以下示例显示AwsS3Object对象Amazon的安全结果格式 (ASFF)。要查看AwsS3Object属性的描述,请参阅 Amazon Security HubAPI 参考ObjectDetails中的 AWSS3

示例

"AwsS3Object": {
    "ContentType": "text/html",
    "ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
    "LastModified": "2012-04-23T18:25:43.511Z",
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
    "VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}