Logging and monitoring

CloudTrail bucket is publicly accessible

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. We identified that the CloudTrail bucket is configured to be publicly accessible.

  • Recommended Mitigation

    In order to enhance the visibility of API calls in the account, CloudTrail logging bucket should not be publicly exposed. more details can be found in <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.