import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Bucket {
    /**
     * Checks that S3 Bucket have cross-region replication configured.
     *
     * @severity high
     * @frameworks iso27001, pcidss
     * @topics availability
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html
     */
    const configureReplicationConfiguration: ResourceValidationPolicy;
    /**
     * Check that S3 Buckets Server-Side Encryption (SSE) is using a customer-managed KMS Key.
     *
     * @severity low
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-kms-encryption.html
     */
    const configureServerSideEncryptionCustomerManagedKey: ResourceValidationPolicy;
    /**
     * Check that S3 Buckets Server-Side Encryption (SSE) uses AWS KMS.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html
     */
    const configureServerSideEncryptionKms: ResourceValidationPolicy;
    /**
     * Checks that S3 Bucket ACLs don't allow 'PublicRead', 'PublicReadWrite' or 'AuthenticatedRead'.
     *
     * @severity critical
     * @frameworks cis, hitrust, iso27001, pcidss
     * @topics security, storage
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
     */
    const disallowPublicRead: ResourceValidationPolicy;
    /**
     * Checks that S3 Bucket have cross-region replication enabled.
     *
     * @severity high
     * @frameworks iso27001, pcidss
     * @topics availability
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html
     */
    const enableReplicationConfiguration: ResourceValidationPolicy;
    /**
     * Check that S3 Bucket Server-Side Encryption (SSE) is enabled.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
     */
    const enableServerSideEncryption: ResourceValidationPolicy;
    /**
     * Check that S3 Buckets Server-Side Encryption (SSE) is using a Bucket key.
     *
     * @severity medium
     * @frameworks iso27001, pcidss
     * @topics cost, encryption, storage
     * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html
     */
    const enableServerSideEncryptionBucketKey: ResourceValidationPolicy;
}
export { Bucket };
