S3 Access Analyzer for S3
E459742
S3 Access Analyzer for S3 is an AWS security feature that continuously analyzes Amazon S3 bucket access policies to identify and highlight buckets and objects that are publicly or cross-account accessible.
All labels observed (1)
| Label | Occurrences |
|---|---|
| S3 Access Analyzer for S3 canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T4600332 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: S3 Access Analyzer for S3 Context triple: [Amazon S3, supportsOperation, S3 Access Analyzer for S3]
-
A.
Amazon S3
Amazon S3 is a scalable, highly durable cloud object storage service from Amazon Web Services used for storing and retrieving large amounts of data over the internet.
-
B.
Cloudflare R2
Cloudflare R2 is a cloud object storage service designed to offer S3-compatible, globally distributed storage with zero egress fees.
-
C.
Amazon Athena
Amazon Athena is a serverless, interactive query service from AWS that lets users analyze data directly in Amazon S3 using standard SQL.
-
D.
Azure Purview
Azure Purview is a unified data governance and catalog service from Microsoft that helps organizations discover, classify, and manage data across on-premises, multi-cloud, and SaaS sources.
-
E.
Amazon CloudWatch
Amazon CloudWatch is a monitoring and observability service that collects and analyzes logs, metrics, and events from AWS resources and applications to help track performance and operational health.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: S3 Access Analyzer for S3 Target entity description: S3 Access Analyzer for S3 is an AWS security feature that continuously analyzes Amazon S3 bucket access policies to identify and highlight buckets and objects that are publicly or cross-account accessible.
-
A.
Amazon S3
Amazon S3 is a scalable, highly durable cloud object storage service from Amazon Web Services used for storing and retrieving large amounts of data over the internet.
-
B.
Cloudflare R2
Cloudflare R2 is a cloud object storage service designed to offer S3-compatible, globally distributed storage with zero egress fees.
-
C.
Amazon Athena
Amazon Athena is a serverless, interactive query service from AWS that lets users analyze data directly in Amazon S3 using standard SQL.
-
D.
Azure Purview
Azure Purview is a unified data governance and catalog service from Microsoft that helps organizations discover, classify, and manage data across on-premises, multi-cloud, and SaaS sources.
-
E.
Amazon CloudWatch
Amazon CloudWatch is a monitoring and observability service that collects and analyzes logs, metrics, and events from AWS resources and applications to help track performance and operational health.
- F. None of above. chosen
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf |
AWS service feature
ⓘ
Amazon S3 security feature ⓘ cloud security feature ⓘ |
| analyzes |
Amazon S3 access control lists
ⓘ
Amazon S3 access points NERFINISHED ⓘ Amazon S3 bucket access policies ⓘ Amazon S3 bucket policies ⓘ |
| benefit |
helps enforce least privilege access to S3
ⓘ
helps identify unintended data exposure ⓘ simplifies review of S3 access policies ⓘ |
| configuredVia |
AWS Command Line Interface
NERFINISHED
ⓘ
AWS Management Console NERFINISHED ⓘ AWS SDKs NERFINISHED ⓘ Amazon S3 console NERFINISHED ⓘ |
| developedBy | Amazon Web Services NERFINISHED ⓘ |
| exposes |
findings in S3 console
ⓘ
findings via AWS CLI ⓘ findings via AWS SDKs ⓘ |
| feature |
automated detection of S3 buckets shared with AWS organizations
ⓘ
automated detection of S3 buckets shared with anonymous users ⓘ automated detection of S3 buckets shared with federated users ⓘ automated detection of S3 buckets shared with other AWS accounts ⓘ automated detection of public S3 buckets ⓘ automated detection of public S3 objects ⓘ continuous analysis of S3 access configurations ⓘ findings for cross-account access ⓘ findings for public access ⓘ integration with AWS Management Console ⓘ integration with Amazon S3 console ⓘ organization-level analyzers ⓘ policy evaluation against security best practices ⓘ region-level analyzers ⓘ visibility into external access to S3 resources ⓘ |
| partOf |
AWS Identity and Access Management Access Analyzer ecosystem
ⓘ
AWS security services ⓘ Amazon S3 NERFINISHED ⓘ |
| purpose |
help prevent unintended public access to S3 data
ⓘ
identify cross-account accessible S3 buckets ⓘ identify cross-account accessible S3 objects ⓘ identify publicly accessible S3 buckets ⓘ identify publicly accessible S3 objects ⓘ improve S3 security posture ⓘ |
| scope |
Amazon S3 buckets
ⓘ
Amazon S3 objects ⓘ S3 access control lists ⓘ S3 access points NERFINISHED ⓘ S3 bucket policies ⓘ |
| supports | AWS Organizations integration ⓘ |
| uses |
AWS CloudTrail for auditing changes to access policies
ⓘ
IAM Access Analyzer analyzers ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: S3 Access Analyzer for S3 Description of subject: S3 Access Analyzer for S3 is an AWS security feature that continuously analyzes Amazon S3 bucket access policies to identify and highlight buckets and objects that are publicly or cross-account accessible.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.