Create README.md

terraform-modules · Jun 19, 2020 · aa34183 · aa34183
1 parent 336c783
commit aa34183
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,21 @@
+# aws-t26-s3
+Module for creating Title26 Compliant S3 Buckets
+
+# Requirements
+1.       Encryption enforcement on the Bucket Policy 
+2.       Only Cloud Administrators have bucket delete permissions
+3.       Permissions tightly controlled with Bucket Policy and IAM role/policy for users, instances, and other services
+4.       Dedicated KMS CMK key 
+5.       MFA enforced API calls – required for all data migrations (Cloud and Data Admins)
+6.       Object Level Logging enabled with 7 year retention on CloudWatch Log Group
+a.       Backup logs to BCC (How often?)
+7.       Server Access Logging enabled with 7 year retention on CloudWatch Log Group
+a.       Backup logs to BCC (How often?)
+8.       Versioning enabled
+9.       Monthly Security Audit reviews
+a.       By customer?
+b.       By CSvD Security?
+10.   IP Address Restriction policy enforced
+11.   Not publically accessible
+12.   Customer signature for key deletion(s) during decommissioning(s) and maximum wait period
+13.   Delete CMK key for Data Sanitization.