Rules Contributing to AWS S3 Bucket Missing Server-Side Encryption Alert

The following rules are used to detect S3 buckets without server-side encryption. Any one or more of these will trigger the AWS S3 Bucket Missing Server-Side Encryption Alert. Details for each rule can be viewed by clicking the More Details link in the description.

Title

Description

AWS S3 Bucket Missing Server-Side Encryption

Detects S3 buckets that lack server-side encryption (SSE) configuration. Without SSE enabled, data stored in S3 buckets is vulnerable to unauthorized access if the bucket permissions are misconfigured or if physical media is compromised.

More details

Rule ID

aws_config_6

Query

{'selection1': {'configResourceType': 'AWS::S3::Bucket'}, 'selection2': {'serverSideEncryptionConfiguration': ''}, 'selection3': {'serverSideEncryptionConfiguration_sseAlgorithm': ''}, 'condition': 'selection1 and (not selection2) and selection3'}

Log Source

Stellar Cyber AWS configured.

Rule Source

Developed internally by Stellar Cyber

Tactics, Techniques, and Procedures

TA0009, T1530

References

N/A

Severity

Suppression Logic Based On

aws.configurationItem.ARN
stellar.rule_id

Additional Information

Maturity	Creation Date	Risk Level	False Positives
experimental	2025/12/17	medium	N/A