let my_buckets = Resources.*[ Type == 'AWS::S3::Bucket' ] rule validate_bucket_sse_example when %my_buckets !empty { %my_buckets.Properties { BucketEncryption.ServerSideEncryptionConfiguration[*] { ServerSideEncryptionByDefault.SSEAlgorithm == 'AES256' <> } } } rule validate_bucket_versioning_example when %my_buckets !empty { %my_buckets.Properties { VersioningConfiguration.Status == 'Enabled' <> } } rule correlation_example when %my_buckets !empty { validate_bucket_sse_example validate_bucket_versioning_example } rule validate_bucket_public_access_block_example when %my_buckets !empty { %my_buckets.Properties { PublicAccessBlockConfiguration.BlockPublicAcls == true <> PublicAccessBlockConfiguration.BlockPublicPolicy == true <> PublicAccessBlockConfiguration.IgnorePublicAcls == true <> PublicAccessBlockConfiguration.RestrictPublicBuckets == true <> } }