Checks/Aws/Test-S3BucketCrossAccountAccess.ps1
```powershell
function Test-S3BucketCrossAccountAccess {
    <#
    .SYNOPSIS
        S3 bucket policy does not allow cross-account access

    .DESCRIPTION
        **Amazon S3 bucket policies** are analyzed for statements that grant **cross-account access**. Any policy that names principals outside the owning account (other account IDs or `Principal: "*"`) is treated as cross-account; absence of a policy implies no cross-account grants.

    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: s3_bucket_cross_account_access
    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check s3_bucket_cross_account_access for reference.', 'N/A', 's3 Resources')
}
```
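One way to do the policy analysis the description calls for, as an added example (not this module's code and not Prowler's implementation). The function name `Get-S3CrossAccountStatement`, the sample policy and the account IDs are constructed for illustration, and only `Allow` statements with AWS principals are evaluated.

```powershell
function Get-S3CrossAccountStatement {
    [CmdletBinding()]
    param(
        [string]$PolicyJson,
        [Parameter(Mandatory)][ValidatePattern('^\d{12}$')][string]$OwnerAccountId
    )
    # Absence of a bucket policy implies no cross-account grants.
    if ([string]::IsNullOrWhiteSpace($PolicyJson)) { return }

    foreach ($stmt in @(($PolicyJson | ConvertFrom-Json).Statement)) {
        if ($stmt.Effect -ne 'Allow') { continue }
        # Principal is the string "*" or an object such as {"AWS": "..."} or {"AWS": [...]}.
        # Assumption: Service, Federated and NotPrincipal are out of scope for this example.
        $principals = if ($stmt.Principal -is [string]) { @($stmt.Principal) } else {
            @($stmt.Principal.AWS) | Where-Object { $_ }
        }
        foreach ($p in $principals) {
            # Reduce each principal to "*" or a 12-digit account ID.
            $account = $null
            if ($p -eq '*') {
                $account = '*'
            } elseif ($p -match '^\d{12}$') {
                $account = $p
            } elseif ($p -match '^arn:[^:]+:(?:iam|sts)::(\d{12}):') {
                $account = $Matches[1]
            }
            # Unrecognized principal forms are skipped, not guessed at.
            if ($account -and $account -ne $OwnerAccountId) {
                [PSCustomObject]@{ Sid = $stmt.Sid; Principal = $p; Account = $account }
            }
        }
    }
}

# Constructed sample policy; the owning account is 111122223333.
$samplePolicy = @'
{ "Version": "2012-10-17", "Statement": [
  { "Sid": "OwnRoot",   "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*" },
  { "Sid": "Partner",   "Effect": "Allow", "Principal": { "AWS": ["arn:aws:iam::444455556666:role/reader"] },
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*" },
  { "Sid": "Anyone",    "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*" },
  { "Sid": "DenyPlain", "Effect": "Deny",  "Principal": "*",
    "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*" }
] }
'@

Get-S3CrossAccountStatement -PolicyJson $samplePolicy -OwnerAccountId '111122223333'
```

`Condition` blocks are not evaluated here, so a `Principal: "*"` statement narrowed by a condition is still reported, matching the description's rule that any policy naming outside principals counts as cross-account.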