Public S3 buckets
Meeting's Actionable Items:
- Do a proper cost analysis between S3 only & S3 + CloudFront
- Create a global rollout of an IAM role for Security teams
- Prepare the rollout of an SCP denying public bucket creation on all accounts
- Create a new naming convention for public buckets once we decide to continue allowing them to be created.
- Possible options (not decided yet):
  - Centralize public buckets in a dedicated account
    - If yes, do we need 3 environments, or is 1 enough?
    - Bucket management will be done by each product team using the PDA role.
    - Product teams can create a bucket after review and approval from infosec.
  - Public bucket creation in each product account
    - Product teams need infosec to open/close the block public access policy.
Confluence's meeting notes:
https://29022131.atlassian.net/wiki/spaces/SI/pages/1416049725/2020-06-29+Public+S3+buckets