Aqua CSPM

CloudTrail Bucket Private

Quick Info

Plugin Title: CloudTrail Bucket Private
Cloud: AWS
Category: CloudTrail
Description: Ensures CloudTrail logging bucket is not publicly accessible
More Info: CloudTrail buckets contain large amounts of sensitive account data and should only be accessible by logged in users.
AWS Link: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Recommended Action: Set the S3 bucket access policy for all CloudTrail buckets to only allow known users to access its files.

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for “CloudTrail”.
  3. In the “Dashboard” panel click on “View trails” button.
  4. Select the “trail” that needs to be verified under “Name” column.
  5. Scroll down and under the “Storage location” option check the S3 bucket used to store log data.
  6. Go to “Services” and search for “S3” to go into S3 buckets dashboard.
  7. Select the “S3 bucket” used to store CloudTrail log data and check the “Access” option. If “Access” shows “Public”, then the bucket is publicly accessible.
  8. Click on “Edit Public Access Settings” to configure the S3 Bucket access.
  9. Click on the checkboxes shown under “Manage public Access control lists (ACLs)” and “Manage public bucket policies” to make the S3 bucket private.
  10. Select the “S3 bucket” used by CloudTrail and click on “Permissions” tab.
  11. Select the “Access Control List” from the menu and search for any group with the name “Everyone”; make sure this group has no checkboxes enabled. If this group has one or more checkboxes enabled, then the selected S3 bucket is publicly accessible.
  12. Check the “Access for other AWS accounts” on the selected S3 bucket for known users.
  13. The access policy of every “CloudTrail bucket” now allows access only to known users.
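The same three things the console steps inspect (the ACL grants to the “Everyone” group, the Block Public Access settings, and the bucket policy) can be evaluated in code. The example below is added here and is not Aqua CSPM's plugin code; it works offline on dictionaries shaped like the responses of boto3's get_bucket_acl, get_public_access_block and get_bucket_policy, with the sample bucket settings constructed for this example. The hypothetical assess_bucket function returns FAIL whenever a public ACL grant or an unconditional Principal "*" policy statement exists, and lists any Block Public Access setting that is off as a warning.

```python
"""Offline check of a CloudTrail logging bucket's public-exposure settings.

Added example, not Aqua CSPM's own plugin code. Input dicts follow the shape
of boto3's get_bucket_acl / get_public_access_block / get_bucket_policy
responses; the sample values at the bottom are constructed for this example.
"""
import json

# S3 predefined-group URIs. AllUsers is what the console labels "Everyone";
# AuthenticatedUsers is any AWS account in the world, so it is public too.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Any AWS account",
}

# The four Block Public Access settings behind the console's "Manage public
# ACLs" and "Manage public bucket policies" checkboxes.
BLOCK_PUBLIC_ACCESS_KEYS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def public_acl_grants(acl):
    """Return (group label, permission) for every ACL grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append((PUBLIC_GROUP_URIS[grantee["URI"]], grant["Permission"]))
    return findings


def missing_public_access_blocks(pab):
    """Return the Block Public Access settings that are not enabled."""
    config = pab.get("PublicAccessBlockConfiguration", {})
    return [k for k in BLOCK_PUBLIC_ACCESS_KEYS if not config.get(k, False)]


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json):
    """Return Sids (or indexes) of unconditional Allow statements open to anyone."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [
        stmt.get("Sid", str(i)) for i, stmt in enumerate(statements)
        if stmt.get("Effect") == "Allow"
        and _principal_is_wildcard(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def assess_bucket(acl, pab, policy_json=None):
    """Return (status, findings, warnings) for one bucket.

    Public grants are reported even when IgnorePublicAcls/RestrictPublicBuckets
    currently neutralise them: the bucket is then one setting-flip from exposed.
    """
    findings = [f"ACL grants {perm} to {who}" for who, perm in public_acl_grants(acl)]
    findings += [f"bucket policy statement {sid} allows Principal *"
                 for sid in public_policy_statements(policy_json)]
    warnings = [f"Block Public Access setting {k} is off"
                for k in missing_public_access_blocks(pab)]
    return ("FAIL" if findings else "PASS"), findings, warnings


# --- constructed sample data (not real buckets) ---
OWNER = {"ID": "constructed-canonical-owner-id"}
EXPOSED_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": OWNER, "Grants": [EXPOSED_ACL["Grants"][0]]}
EXPOSED_PAB = {"PublicAccessBlockConfiguration": {k: False for k in BLOCK_PUBLIC_ACCESS_KEYS}}
PRIVATE_PAB = {"PublicAccessBlockConfiguration": {k: True for k in BLOCK_PUBLIC_ACCESS_KEYS}}
# A typical CloudTrail write policy: the service principal, not "*", so it is fine.
CLOUDTRAIL_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-bucket"},
]})
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-bucket/*"},
]})

if __name__ == "__main__":
    for label, args in (("exposed", (EXPOSED_ACL, EXPOSED_PAB, PUBLIC_POLICY)),
                        ("private", (PRIVATE_ACL, PRIVATE_PAB, CLOUDTRAIL_POLICY))):
        status, findings, warnings = assess_bucket(*args)
        print(label, status, findings, warnings)
```

To run it against a live account, fetch the three structures with boto3 (get_bucket_acl, get_public_access_block and get_bucket_policy on the trail's S3BucketName from describe_trails) and pass them to assess_bucket; get_public_access_block and get_bucket_policy raise a ClientError when nothing is configured, which should be treated as an empty dict and None respectively.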