fluidasserts.cloud.aws.cloudformation.s3 module

AWS CloudFormation checks for S3 (Simple Storage Service).

fluidasserts.cloud.aws.cloudformation.s3.ACCESS_CONTROLS = {'AuthenticatedRead', 'BucketOwnerFullControl', 'BucketOwnerRead', 'Private', 'PublicRead', 'PublicReadWrite'}

A set of available S3 Access Controls

fluidasserts.cloud.aws.cloudformation.s3.has_not_private_access_control(path, exclude=None)

Check if S3::Bucket has an AccessControl that is not Private.

  • path (str) – Location of CloudFormation’s template file.

  • exclude (typing.Optional[typing.List[str]]) – Paths that contains any string from this list are ignored.


  • OPEN if the S3 Bucket has the AccessControl attribute set to PublicRead, PublicReadWrite, AuthenticatedRead, BucketOwnerRead or BucketOwnerFullControl.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type