Event bus exposed to everyone - Complete Cloud Security in Minutes - Orca Security

Network misconfigurations

Event bus exposed to everyone

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Description

Amazon EventBridge is a serverless event bus service that allows you to route events between AWS services. Orca has discovered that the event bus '{AwsEventBus}' allows anyone, including unauthorized AWS users, to access it. Unauthorized users may, therefore, perform the actions listed in the event bus' policy.

Recommended Mitigation

Ensure your default event bus permits access only to trusted AWS accounts. More details can be found in https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-bus-perms.html

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.