Quick Info
| Plugin Title | CloudTrail Bucket Private |
| Cloud | AWS |
| Category | CloudTrail |
| Description | Ensures CloudTrail logging bucket is not publicly accessible |
| More Info | CloudTrail buckets contain large amounts of sensitive account data and should only be accessible by logged in users. |
| AWS Link | http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html |
| Recommended Action | Set the S3 bucket access policy for all CloudTrail buckets to only allow known users to access its files. |
Detailed Remediation Steps
- Log into the AWS Management Console.
- Select the “Services” option and search for “CloudTrail”.
- In the “Dashboard” panel click on “View trails” button.
- Select the “trail” that needs to be verified under “Name” column.
- Scroll down and under the “Storage location” option check the S3 bucket used to store log data.
- Go to “Services” and search for “S3” to go into S3 buckets dashboard.
- Select the “S3 bucket” used to store data log in CloudTrail and check the “Access” option. If “Access” shows “Public” than bucket is publicly accessible
- Click on “Edit Public Access Settings” to configure the S3 Bucket access.
- Click on the checkboxes shown under “Manage public Access control lists (ACLs)” and “Manage public bucket policies” to make the S3 bucket private.
- Select the “S3 bucket” used by CloudTrail and click on “Permissions” tab.
- Select the “Access Control List” from the menu and search for any group with the name “Everyone” and make sure this group has no checkboxes enabled. If this group has one or more checkboxes enabled than the selected S3 bucket is publicly accessible.
- Check the “Access for other AWS accounts” on the selected S3 bucket for known users.
- S3 buckets access policy for all “CloudTrail buckets” have access allow only to known users now.