How can I check whether a non-public S3 bucket is using server-side encryption in JupiterOne?

dcpeach ✭✭✭✭✭
edited February 17 in Asset Management
As an additional safeguard S3 server-side encryption uses an AES-256 block ciphers.


  • Scooper1920
    edited February 17
    Below is a query that flags which internal S3 buckets are unencrypted.
    FIND unique aws_s3_bucket WITH tag.dataclassification != ('Public' or'public' or 'PUBLIC')
    AND (
          tag.dataclassification = ('Internal' or 'internal' or 'INTERNAL')
          encrypted != true
          policyDocument !~= '"s3:x-amz-server-side-encryption"'
        AS e1
    RETURN e1.displayName as "Name", e1.arn as "ARN", e1.accountId as "Account ID", e1.region as Region, 
    e1.tag.dataclassification as "Data Classification", e1. encrypted as Encrypted, e1.encryptionKeyRef 
    as "KMs Key ID"

This Month's Leaders