Description

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. We identified that the CloudTrail bucket is configured to be publicly accessible.
  • Recommended Mitigation

    To enhance the visibility of API calls in the account, the CloudTrail logging bucket should not be publicly exposed. More details can be found at https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
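
One way to check a CloudTrail log bucket for the public exposure described above. This is an added example, not part of the original finding. The function names and the bucket name `example-trail-logs` are hypothetical, and the inputs are assumed to have the shape returned by `aws s3api get-bucket-policy` and `aws s3api get-bucket-acl`.

```python
import json

# Canned S3 ACL group URIs that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def public_exposure(policy_json, acl_grants):
    """Return reasons the bucket is publicly reachable (empty list = none found)."""
    findings = []
    policy = json.loads(policy_json) if policy_json else {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        # Assumption: an Allow to everyone with no Condition counts as public;
        # conditioned statements need manual review and are not flagged here.
        if (stmt.get("Effect") == "Allow" and _is_wildcard_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append(f"policy statement {stmt.get('Sid', i)} allows any principal")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[1]}")
    return findings

# Constructed sample: the write statement CloudTrail needs, plus a public read statement.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/*"},
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-logs/*"}]})
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]

if __name__ == "__main__":
    for reason in public_exposure(SAMPLE_POLICY, SAMPLE_ACL):
        print(reason)
```

An empty result only means no unconditioned public grant was found in the policy or ACL that were passed in.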