10 best practices for S3 bucket security configuration

Rule GD-001: GuardDuty enabled
Conformity has rule GD-001 for enabling GuardDuty. This rule checks that GuardDuty is enabled in all regions for the security of your AWS environment and infrastructure. Because this rule is a medium-level threat, Conformity encourages compliance.
The result of non-compliance is the potential occurrence and proliferation of malicious activity on your AWS account and infrastructure without your knowledge, such as Recon:EC2/PortProbeUnprotectedPort, UnauthorizedAccess:EC2/SSHBruteForce, or UnauthorizedAccess:IAMUser/MaliciousIPCaller.
To remediate, simply visit GuardDuty to enable and activate it in every region.
Rule GD-002: GuardDuty findings
Conformity also has rule GD-002 that ingests and provides help with managing GuardDuty findings. The threat level is medium. Within your Conformity account, you can have notifications sent over email, SMS, Slack, JIRA, PagerDuty, and ServiceNow. Then, you can lean on the Conformity knowledge base to resolve the findings and achieve continuous security and compliance.
For example, if a random port on your EC2 instance, say 30784, is not in use but someone is probing it, check your inbound rules to delist port ranges, input specific port numbers, and restrict access to particular IPs or IP ranges.
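The inbound-rule review described above, as an added example that is not Conformity's or AWS's own code: it walks security group data in the shape returned by EC2 DescribeSecurityGroups and flags rules that admit the probed port from any address or through a port range. The sample groups, their IDs, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like the EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 30000, "ToPort": 32767,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

def rule_covers_port(perm, port):
    """True if this inbound rule admits TCP/UDP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] not in ("tcp", "udp"):
        return False  # e.g. icmp, where FromPort/ToPort are not ports
    return perm["FromPort"] <= port <= perm["ToPort"]

def exposures(groups, probed_port):
    """List (group id, source CIDR, reasons) for rules exposing probed_port."""
    found = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not rule_covers_port(perm, probed_port):
                continue
            is_range = (perm["IpProtocol"] == "-1"
                        or perm["FromPort"] != perm["ToPort"])
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                reasons = []
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    reasons.append("any-source")
                if is_range:
                    reasons.append("port-range")
                if reasons:
                    found.append((group["GroupId"], cidr, "+".join(reasons)))
    return found

if __name__ == "__main__":
    for hit in exposures(SAMPLE_GROUPS, 30784):  # port from the example above
        print(*hit)
```

A single-port rule limited to a specific CIDR, such as the port 22 rule in the sample, is not flagged, which is the end state the remediation aims for.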
5. Use Amazon Macie to scan for sensitive data outside of designated areas
Conformity has the following rules for the Amazon Macie service:
Rule Macie-001: Amazon Macie
This rule checks that Macie is enabled so that it can scan your S3 buckets to identify sensitive information, such as credit cards, financial records, or personally identifiable information (PII). Macie analyzes access and user behavior patterns, then brings this data to your attention.
You can use Macie-001 to help comply with the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS) for encryption and pseudonymization of data, as it recognizes PII.