Context

Porter provides compliance controls that check S3 bucket access permissions. Users may wonder which S3 buckets are being scanned by these controls, particularly when they have buckets provisioned both inside and outside of Porter.

Answer

Porter's compliance controls for S3 buckets only scan and monitor Porter-managed resources. This means:

• The controls only check S3 buckets that were automatically created by Porter alongside your cluster

• S3 buckets that you created manually outside of Porter are not included in these compliance checks

Currently, Porter does not provide functionality to directly provision S3 buckets through its platform. All S3 bucket compliance checks apply only to those resources that Porter creates automatically as part of other operations.