Check for any AWS CloudTrail logging buckets that are publicly accessible, in order to determine if your AWS account could be at risk.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Using an overly permissive or insecure set of permissions for your CloudTrail logging S3 buckets could give malicious users access to your AWS account log data, which can exponentially increase the risk of unauthorized access.
To determine if your CloudTrail logging buckets are publicly accessible, perform the following:
To remove public access to your CloudTrail logging bucket, you need to perform the following: