S3 general purpose buckets should have static website hosting disabled

Docs > Plateforme de sécurité Datadog > OOTB Rules > S3 general purpose buckets should have static website hosting disabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

AWS S3 bucket website hosting should not be enabled because it increases the chance of accidentally exposing sensitive data and does not consistently support HTTPS, potentially leading to insecure connections and data interception. Additionally, it lacks advanced security features such as authentication, DDoS protection, and detailed access logging, which are provided by services like CloudFront. S3 bucket website hosting is also incompatible with the S3 Block Public Access (BPA) feature when all BPA controls are enabled.

Remediation

For guidance on securely configuring static S3 website hosting, refer to the Restrict access to an Amazon Simple Storage Service origin section of the Amazon CloudFront Developer Guide.