Top / Amazon Web Service / AWS Amazon S3 / Bucket Ownership Controls

AWS Amazon S3 Bucket Ownership Controls

This page shows how to write Terraform and CloudFormation for Amazon S3 Bucket Ownership Controls and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_s3_bucket_ownership_controls (Terraform)

The Bucket Ownership Controls in Amazon S3 can be configured in Terraform with the resource name aws_s3_bucket_ownership_controls. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

buckets.tf#L26
resource "aws_s3_bucket_ownership_controls" "www_bucket" {
  bucket = local.www_bucket_name
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}
s3.tf#L24
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.b.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a resource to manage S3 Bucket Ownership Controls. For more information, see the S3 Developer Guide.

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon S3 Resources

In addition to the aws_s3_bucket_public_access_block, AWS Amazon S3 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_s3_bucket_public_access_block

Ensure S3 bucket-level Public Access Block restricts public bucket policies

It is better to enable S3 bucket-level Public Access Block if you don't need public buckets.

risk-label

aws_s3_bucket

Ensure S3 bucket access policy is well configured

It is better to configure the S3 bucket access policy properly to limit it unless explicitly required.

Review your AWS Amazon S3 settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::S3::Bucket OwnershipControls (CloudFormation)

The Bucket OwnershipControls in S3 can be configured in CloudFormation with the resource name AWS::S3::Bucket OwnershipControls. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Rules Specifies the container element for object ownership rules.
Required: Yes
Type: List of OwnershipControlsRule
Update requires: No interruption

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Specifies the container element for object ownership rules.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon S3 Resources

Frequently asked questions

What is AWS Amazon S3 Bucket Ownership Controls?

AWS Amazon S3 Bucket Ownership Controls is a resource for Amazon S3 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon S3 Bucket Ownership Controls?

For Terraform, the gregn610/www.gregnicol.uk and jonathannaz/test-terraform source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents