Use AWS Config and Lambda to Ensure that S3 Bucket Remains Private
- AWS Config will trigger the Lambda function to invoke SNS for any changes in AWS.
Create a Lambda function to monitor bucket ACL and bucket policy changes. If the bucket ACL is found to be public, the Lambda function can overwrite it to make it private.
If the bucket policy is found to be public, it can trigger an SNS notification to the security team.
-- Cross-region replication for the bucket ensures that the S3 bucket is available in another region as well.
-- Use "AWS Encryption CLI" to encrypt the data before sending it across the wire.
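The Lambda function described above, written out as an added example (not code from the original page). It assumes the function is attached to a custom AWS Config rule triggered on configuration changes; the environment variable name `SNS_TOPIC_ARN` and the helper function names are hypothetical.

```python
import json
import os

_GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUPS + "AllUsers", _GROUPS + "AuthenticatedUsers"}


def public_grants(grants):
    """Return the ACL grants whose grantee is a public group."""
    return [g for g in grants if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]


def policy_is_public(s3, bucket):
    """True if S3 evaluates the bucket policy as public; False if no policy."""
    try:
        return s3.get_bucket_policy_status(Bucket=bucket)["PolicyStatus"]["IsPublic"]
    except Exception as err:  # botocore ClientError carries .response
        code = getattr(err, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchBucketPolicy":
            return False
        raise


def enforce_private(bucket, s3, sns, topic_arn):
    """Reset a public ACL to private; notify on a public bucket policy."""
    actions = []
    if public_grants(s3.get_bucket_acl(Bucket=bucket)["Grants"]):
        s3.put_bucket_acl(Bucket=bucket, ACL="private")
        actions.append("acl_reset")
    if policy_is_public(s3, bucket):
        sns.publish(
            TopicArn=topic_arn,
            Subject="Public S3 bucket policy detected",
            Message=json.dumps({"bucket": bucket, "finding": "public bucket policy"}),
        )
        actions.append("policy_alert")
    return actions


def lambda_handler(event, context):
    # SNS_TOPIC_ARN is an assumed environment variable name.
    import boto3  # imported here so the helpers above can be tested offline

    item = json.loads(event["invokingEvent"])["configurationItem"]
    if item["resourceType"] != "AWS::S3::Bucket":
        return []
    return enforce_private(item["resourceName"], boto3.client("s3"),
                           boto3.client("sns"), os.environ["SNS_TOPIC_ARN"])
```

The execution role needs `s3:GetBucketAcl`, `s3:PutBucketAcl`, `s3:GetBucketPolicyStatus` and `sns:Publish`, and nothing broader.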