
Explanation:
AWS Config provides the managed rules 's3-bucket-public-read-prohibited' and 's3-bucket-public-write-prohibited', which detect public access and, with remediation attached (using Lambda or SSM), can automatically remove such permissions. This makes it the most efficient option for automated compliance and remediation on S3 buckets.
A company must automatically remove S3 bucket permissions that allow public read or write access. Which AWS service should be used in the MOST operationally efficient manner?
A. AWS Config
B. AWS Security Hub
C. AWS Trusted Advisor
D. Amazon Inspector