Check for any AWS CloudTrail logging buckets that are publicly accessible, in order to determine if your AWS account could be at risk.
This rule can help you with the following compliance standards:
- The Center for Internet Security (CIS) AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using an overly permissive or insecure set of permissions on your CloudTrail logging S3 buckets (for example, an ACL that grants READ to the AllUsers or AuthenticatedUsers group, or a bucket policy that allows Principal "*") exposes your account's activity history to anyone on the internet. CloudTrail logs record every API call, the principals that made them, their source IP addresses and the resources they touched, which gives an attacker a ready-made reconnaissance map of your environment. If the bucket also allows public WRITE or DELETE, an attacker can tamper with or remove the evidence of their own activity, which defeats the purpose of logging and significantly increases the risk of undetected unauthorized access.
Audit
To determine if your CloudTrail logging buckets are publicly accessible, perform the following:
Remediation / Resolution
To remove public access to your CloudTrail logging bucket, you need to perform the following:
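The audit and remediation procedures described above, written out as an added example in Python with boto3; this is not Cloud Conformity's own tooling. The detection functions work on the JSON shapes returned by `aws s3api get-bucket-acl` and `get-bucket-policy`, and are exercised here on constructed sample documents (the bucket name `example-trail-logs` and account ID `111122223333` are placeholders). The `audit_and_remediate` driver assumes AWS credentials in the environment and is only invoked when the script is run directly; `--remediate` resets the ACL to `private` and enables S3 Block Public Access, the boto3 equivalents of the `put-bucket-acl` call referenced below.

```python
"""Audit CloudTrail log buckets for public access and optionally remediate.

Added example (not Cloud Conformity's own code).  Detection logic is pure
Python over the JSON shapes that `aws s3api get-bucket-acl` and
`get-bucket-policy` return, so it runs offline on the constructed samples
below; the boto3 driver at the bottom is only used when run directly.
"""
import json

# Grantee URIs that make an ACL grant public.  AllUsers is anonymous access;
# AuthenticatedUsers is *any* AWS account in the world, which is just as bad.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return [(group, permission)] for every public grant in a get-bucket-acl result."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            found.append((PUBLIC_GROUP_URIS[grantee["URI"]], grant["Permission"]))
    return found


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Return Sids of Allow statements granted to everyone with no Condition.

    Heuristic: a Condition (e.g. aws:SourceArn limiting access to one trail) is
    assumed to narrow the statement, so conditioned statements are not reported.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    return [s.get("Sid", "<no Sid>") for s in statements
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]


def audit_bucket(acl, policy=None):
    """Combine both checks into one list of human-readable findings for a bucket."""
    findings = [f"ACL grants {perm} to {grp}" for grp, perm in public_acl_grants(acl)]
    if policy:
        findings += [f"policy statement {sid} allows Principal *"
                     for sid in public_policy_statements(policy)]
    return findings


# Constructed samples in the shape the S3 API returns (placeholder IDs, not real buckets).
PRIVATE_ACL = {"Owner": {"ID": "abc"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "abc"}, "Permission": "FULL_CONTROL"}]}
PUBLIC_ACL = {"Owner": {"ID": "abc"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "abc"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
# A normal CloudTrail delivery statement: service principal plus a Condition, not public.
CLOUDTRAIL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"}, "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/111122223333/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}]}
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-logs/*"}]}


def audit_and_remediate(remediate=False):
    """Walk every trail's bucket with boto3 (assumes credentials in the environment)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    trails = boto3.client("cloudtrail").describe_trails(includeShadowTrails=False)["trailList"]
    for bucket in sorted({t["S3BucketName"] for t in trails if "S3BucketName" in t}):
        acl = s3.get_bucket_acl(Bucket=bucket)
        try:
            policy = json.loads(s3.get_bucket_policy(Bucket=bucket)["Policy"])
        except ClientError as e:
            if e.response["Error"]["Code"] != "NoSuchBucketPolicy":
                raise
            policy = None
        findings = audit_bucket(acl, policy)
        print(f"{bucket}: {'; '.join(findings) or 'OK'}")
        if findings and remediate:
            # Reset the ACL to owner-only and block future public grants.  CloudTrail
            # delivers logs via the bucket policy's service-principal statement, so
            # this does not interrupt logging.  A public *policy* statement still has
            # to be removed by editing the policy; that is deliberately not automated.
            s3.put_bucket_acl(Bucket=bucket, ACL="private")
            s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration={
                "BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True})


if __name__ == "__main__":
    import sys
    audit_and_remediate(remediate="--remediate" in sys.argv)
```

Run it without arguments first to see the findings per trail bucket, then with `--remediate` once you have confirmed that the bucket policy still carries the `cloudtrail.amazonaws.com` PutObject and GetBucketAcl statements, since `ACL="private"` replaces the whole ACL and Block Public Access will reject any later attempt to re-add a public grant.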
References
- AWS Documentation
  - How AWS CloudTrail Works
  - CloudTrail Concepts
  - Amazon S3 Bucket Policy for CloudTrail
  - Managing Access Permissions to Your Amazon S3 Resources
  - Access Control List (ACL) Overview
  - Editing Bucket Permissions
- AWS Command Line Interface (CLI) Documentation
  - get-bucket-acl
  - describe-trails
  - put-bucket-acl
Rule: CloudTrail Bucket Publicly Accessible
Risk level: High