Ensure CloudTrail Bucket does not have Public Access

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Since this bucket holds all of your audit logs, it is important that the S3 bucket storing the data is fully secured; this is why keeping the CloudTrail S3 bucket private is a security best practice. Having a full inventory of your CloudTrails with current logging status across all of your accounts can help with CIS, NIST, GDPR & PCI-DSS compliance.

Audit & Remediation

  • Copy the name of the S3 bucket so that you can validate its permissions in S3.
  • Navigate to the S3 service at: https://console.aws.amazon.com/S3
  • Select the bucket that is storing your CloudTrail data and open the Permissions tab.
  • Scroll down to Public access and validate that no permissions are granted for List objects, Write objects, Read bucket permissions, or Write bucket permissions.
  • If any of these permissions exist, select Everyone to open the permissions dialog and ensure none of the options are selected.
  • Repeat this for all of your accounts to ensure compliance and secure your CloudTrail data.
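As an added example (not part of the original article), the Python below maps the console's "Public access / Everyone" panel onto the bucket ACL that the S3 API returns, so the same audit and remediation can be run across every account instead of clicking through each bucket. The sample ACL and owner ID are constructed; the live function assumes boto3 is installed and credentials are configured.

```python
# Grantee URI the S3 console shows as "Everyone" under Public access.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# ACL permission name -> label on the console's Public access panel.
CONSOLE_LABELS = {
    "READ": "List objects",
    "WRITE": "Write objects",
    "READ_ACP": "Read bucket permissions",
    "WRITE_ACP": "Write bucket permissions",
}

def is_everyone(grant):
    """True if the grant's grantee is the AllUsers group (console: Everyone)."""
    g = grant.get("Grantee", {})
    return g.get("Type") == "Group" and g.get("URI") == ALL_USERS

def public_permissions(acl):
    """Console labels for each Everyone grant in a get_bucket_acl() result; FULL_CONTROL = all four."""
    found = []
    for grant in acl.get("Grants", []):
        if not is_everyone(grant):
            continue
        perm = grant["Permission"]
        labels = CONSOLE_LABELS.values() if perm == "FULL_CONTROL" else [CONSOLE_LABELS[perm]]
        for label in labels:
            if label not in found:
                found.append(label)
    return found

def without_public_grants(acl):
    """Remediation: the same ACL with every Everyone grant removed (usable with put_bucket_acl)."""
    return {"Owner": acl["Owner"],
            "Grants": [g for g in acl.get("Grants", []) if not is_everyone(g)]}

def audit_cloudtrail_buckets():
    """Live check over every trail in the account (assumes boto3 and credentials)."""
    import boto3  # imported here so the pure functions above work offline
    s3 = boto3.client("s3")
    for trail in boto3.client("cloudtrail").describe_trails()["trailList"]:
        bucket = trail["S3BucketName"]
        print(bucket, public_permissions(s3.get_bucket_acl(Bucket=bucket)) or "no public access")

# Constructed sample ACL: owner keeps full control, Everyone can list objects and read the ACL.
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
    ],
}
```

An ACL is only one way a bucket becomes public: the bucket policy and the bucket- and account-level Block Public Access settings should be reviewed in the same pass.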