S3 Bucket for CloudTrail Logs Is Public

Overview

CloudTrail logs a record of every API call made in your AWS account. These logs file are stored in an S3 bucket. It is recommended that the bucket policy or access control list (ACL) applied to the S3 bucket that CloudTrail logs to prevent public access to the CloudTrail logs.

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account's use or configuration.

Vendor

AWS

Cloud Service

CloudTrail

CIS AWS v1.5.0 3.3

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

Severity

Item Types

AWS::CloudTrail::Trail

Overview​

Vendor​

Cloud Service​

Related Controls​

References​

Severity​

Item Types​