AWS-CloudTrail-S3-Bucket-Public

Severity: Critical

Description: This policy identifies publicly accessible S3 buckets that store CloudTrail data. These buckets contains sensitive audit data and only authorized users and applications should have access.

Remediation Steps:

Perform following to disable public access to cloud trail bucket :

1. Login to the AWS Management Console at https://console.aws.amazon.com

2. Navigate to S3 service.

3. Click on S3 bucket reported in the alert.

4. Click on the Permissions tab.

5. If Access Control List is set to Public follow below steps.

   1. Under Access Control List, Click on Everyone and uncheck all items.

   2. Click on Save.

6. If Bucket Policy is set to public follow below steps.

   1. Under Bucket Policy, modify the policy to remove public access.

   2. Click on Save.

   3. If Bucket Policy is not required delete the existing Bucket Policy.

Important:

Make sure updating Access Control List or Bucket Policy does not affect S3 bucket data access.

Reference:

• Amazon S3 bucket policy for CloudTrail - AWS CloudTrail