Why is S3 bucket security a must?
When you configure CloudTrail and CloudWatch, you need an S3 bucket to store the logs and metrics they produce. A newly created S3 bucket is private by default and can be read only by principals that have been granted permission. In most cases broad public read access to your files is not required, unless you are deliberately using the bucket to host public assets.
You can use S3 bucket ACLs (Access Control Lists), bucket policies and IAM policies to restrict access to your bucket. In an organization with many IAM users, the most common mistake when setting up ACLs is granting unintended access to certain users, or to the "Everyone" (AllUsers) and "Any authenticated AWS user" (AuthenticatedUsers) groups. An overly permissive set of permissions lets any malicious user read or modify your S3 buckets, which increases the risk of data misuse; for a bucket that holds CloudTrail logs it also exposes the audit trail of your whole account.
Ensure that your S3 bucket CloudTrail logs are not public
Like any other service, S3 can be monitored with CloudTrail and CloudWatch. CloudTrail records the API calls made against your buckets in a trail, and you can view, search and download recent activity much like a bank account statement. Note that by default a trail records management events such as bucket-level calls (PutBucketAcl, PutBucketPolicy); object-level reads and writes are logged only if you enable S3 data events for the trail. Delivering the trail to CloudWatch Logs and defining a metric filter with an alarm on it notifies you every time somebody changes or accesses your S3 bucket.
A publicly accessible log bucket carries a high risk of being breached, and the CloudTrail logs in it reveal the activity of your entire AWS account. To determine that your account and all of your logs are secure, Centilytics checks whether the S3 bucket that stores your CloudTrail logs is publicly accessible, and reminds you to create an alarm for the CloudTrail logs of any bucket it finds exposed.
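The alarm described above, as an added example that is not Centilytics' own code: a CloudWatch Logs metric filter over the trail's log group that counts S3 permission-change calls, and an alarm that fires on the first hit. The log group name, SNS topic ARN and the metric/alarm names are placeholders assumed for the example; the watched event list is the set used by the CIS AWS Foundations Benchmark for S3 bucket policy changes.

```python
"""Added example (not Centilytics code): alarm on S3 bucket permission changes
delivered through the CloudTrail -> CloudWatch Logs pipeline.

Assumptions (placeholders, not from the page): the trail already delivers to the
log group LOG_GROUP, and SNS_TOPIC_ARN is an existing topic for notifications.
"""
from typing import Dict

LOG_GROUP = "CloudTrail/DefaultLogGroup"                              # assumed name
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:security-alerts"  # placeholder

# S3 API calls that change who can access a bucket or what happens to its objects
# (the event set used by the CIS AWS Foundations Benchmark "S3 bucket policy changes" control).
WATCHED_EVENTS = (
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors", "PutBucketLifecycle",
    "PutBucketReplication", "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
)


def filter_pattern() -> str:
    """CloudWatch Logs metric filter pattern matching the events above."""
    names = " || ".join(f"($.eventName = {name})" for name in WATCHED_EVENTS)
    return "{ ($.eventSource = s3.amazonaws.com) && (" + names + ") }"


def matches(event: Dict) -> bool:
    """Local equivalent of filter_pattern(), so the logic can be checked against
    sample CloudTrail records without AWS access."""
    return (event.get("eventSource") == "s3.amazonaws.com"
            and event.get("eventName") in WATCHED_EVENTS)


def count_matches(events) -> int:
    return sum(1 for e in events if matches(e))


# Constructed sample CloudTrail records, trimmed to the fields the filter reads.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "requestParameters": {"bucketName": "cloudtrail-logs-example"}},  # should alarm
    {"eventSource": "s3.amazonaws.com", "eventName": "GetBucketAcl"},   # read only
    {"eventSource": "iam.amazonaws.com", "eventName": "PutBucketPolicy"},  # wrong source
]


def create_alarm(log_group: str = LOG_GROUP, topic_arn: str = SNS_TOPIC_ARN,
                 region: str = "us-east-1") -> None:
    """Install the metric filter and an alarm that fires when the metric reaches 1."""
    import boto3  # imported here so the functions above run without boto3 installed
    logs = boto3.client("logs", region_name=region)
    cw = boto3.client("cloudwatch", region_name=region)
    logs.put_metric_filter(
        logGroupName=log_group,
        filterName="S3BucketPermissionChanges",
        filterPattern=filter_pattern(),
        metricTransformations=[{
            "metricName": "S3BucketPermissionChangeCount",
            "metricNamespace": "CloudTrailMetrics",
            "metricValue": "1",
        }],
    )
    cw.put_metric_alarm(
        AlarmName="S3BucketPermissionChanges",
        MetricName="S3BucketPermissionChangeCount",
        Namespace="CloudTrailMetrics",
        Statistic="Sum",
        Period=300,
        EvaluationPeriods=1,
        Threshold=1,
        ComparisonOperator="GreaterThanOrEqualToThreshold",
        AlarmActions=[topic_arn],
        TreatMissingData="notBreaching",
    )


if __name__ == "__main__":
    print(filter_pattern())
    print(f"{count_matches(SAMPLE_EVENTS)} of {len(SAMPLE_EVENTS)} sample events match")
```

Run `create_alarm()` with credentials that can write to the log group and to CloudWatch; the `matches()` function only mirrors the filter pattern so you can sanity-check which records will count before deploying it. Object-level reads (GetObject) never match this filter, since they are data events and are not in the watched list.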
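One way to implement the check itself, as an added example rather than Centilytics' own logic: combine the three signals S3 exposes for a bucket (ACL grants, the bucket policy's public status, and Block Public Access) into the Ok/Critical verdicts used on this page. The Warning tier, the reason strings and the helper names are this example's own convention; the sample ACLs are constructed, not real buckets.

```python
"""Added example (not Centilytics code): is the S3 bucket that stores a
CloudTrail trail's logs publicly accessible?

Verdicts follow the page: Ok / Critical. The Warning tier (a public grant that
Block Public Access currently neutralises, or Block Public Access left off) is
this example's own convention.
"""
from typing import Dict, List

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def evaluate_bucket(acl_grants: List[Dict], policy_status: Dict,
                    public_access_block: Dict) -> Dict:
    """acl_grants:          GetBucketAcl()["Grants"]
    policy_status:       GetBucketPolicyStatus()["PolicyStatus"] ({} if no policy)
    public_access_block: effective Block Public Access settings ({} if none); pass
                         the OR of account-level and bucket-level settings, since
                         either one is enough to enforce a restriction."""
    findings = []
    public_acl = [g for g in acl_grants
                  if g.get("Grantee", {}).get("Type") == "Group"
                  and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)]
    public_policy = bool(policy_status.get("IsPublic"))
    missing = [k for k in PAB_KEYS if not public_access_block.get(k)]

    # IgnorePublicAcls makes S3 ignore public ACL grants; RestrictPublicBuckets limits
    # a bucket with a public policy to the owner account and AWS service principals.
    acl_exposed = bool(public_acl) and not public_access_block.get("IgnorePublicAcls")
    policy_exposed = public_policy and not public_access_block.get("RestrictPublicBuckets")

    for g in public_acl:
        who = g["Grantee"]["URI"].rsplit("/", 1)[-1]
        findings.append(f"ACL grants {g.get('Permission')} to {who}"
                        + ("" if acl_exposed else " (neutralised by IgnorePublicAcls)"))
    if public_policy:
        findings.append("bucket policy is public"
                        + ("" if policy_exposed else " (neutralised by RestrictPublicBuckets)"))
    if missing:
        findings.append("Block Public Access not enforced: " + ", ".join(missing))

    severity = "Critical" if (acl_exposed or policy_exposed) else ("Warning" if findings else "Ok")
    return {"severity": severity, "findings": findings}


# Constructed sample inputs (not real buckets).
PUBLIC_READ_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
PRIVATE_ACL = PUBLIC_READ_ACL[:1]
PAB_ALL_ON = {k: True for k in PAB_KEYS}


def evaluate_trail_buckets(region: str = "us-east-1") -> Dict[str, Dict]:
    """Live version: walk the account's trails and evaluate each log bucket."""
    import boto3  # imported here so evaluate_bucket() runs without boto3 installed
    from botocore.exceptions import ClientError
    ct = boto3.client("cloudtrail", region_name=region)
    s3 = boto3.client("s3", region_name=region)

    def get_or_empty(call, *absent_codes):
        # S3 signals "not configured" with an error, not an empty response.
        try:
            return call()
        except ClientError as err:
            if err.response["Error"]["Code"] in absent_codes:
                return {}
            raise

    account = boto3.client("sts").get_caller_identity()["Account"]
    account_pab = get_or_empty(
        lambda: boto3.client("s3control", region_name=region)
        .get_public_access_block(AccountId=account)["PublicAccessBlockConfiguration"],
        "NoSuchPublicAccessBlockConfiguration")

    results = {}
    for trail in ct.describe_trails(includeShadowTrails=False)["trailList"]:
        bucket = trail.get("S3BucketName")
        if not bucket:
            continue
        acl = s3.get_bucket_acl(Bucket=bucket)["Grants"]
        status = get_or_empty(
            lambda: s3.get_bucket_policy_status(Bucket=bucket)["PolicyStatus"],
            "NoSuchBucketPolicy")
        bucket_pab = get_or_empty(
            lambda: s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"],
            "NoSuchPublicAccessBlockConfiguration")
        effective = {k: bool(account_pab.get(k) or bucket_pab.get(k)) for k in PAB_KEYS}
        results[bucket] = evaluate_bucket(acl, status, effective)
    return results


if __name__ == "__main__":
    for name, acl, pab in (("public-read, no BPA", PUBLIC_READ_ACL, {}),
                           ("public-read, BPA on", PUBLIC_READ_ACL, PAB_ALL_ON),
                           ("private, BPA on", PRIVATE_ACL, PAB_ALL_ON)):
        print(name, "->", evaluate_bucket(acl, {}, pab))
```

A grant is only a real exposure when nothing neutralises it, which is why the example reads Block Public Access at both account and bucket level before deciding. The caller needs `cloudtrail:DescribeTrails`, `s3:GetBucketAcl`, `s3:GetBucketPolicyStatus`, `s3:GetBucketPublicAccessBlock` and `s3:GetAccountPublicAccessBlock`; a trail's bucket may live in another region, and `GetBucketAcl` on a bucket with ACLs disabled (Object Ownership set to bucket owner enforced) returns only the owner grant, which the evaluation handles as private.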
|Severity|Description|
|---|---|
|Ok|S3 bucket CloudTrail logs are not publicly accessible.|
|Critical|S3 bucket CloudTrail logs are publicly accessible.|
The further columns are described as follows:
Account Id: Shows the ID of the AWS account the bucket belongs to.
Account Name: Shows the account name corresponding to that account ID.
Region: Shows the region in which the bucket is located.
Bucket Name: Shows the name of the S3 bucket in which the CloudTrail logs are stored.
|Filter|Description|
|---|---|
|Account Id|Applying the account ID filter displays all the resources for the selected account ID.|
|Region|Applying the region filter displays all the resources in the selected region.|
|Severity|Applying the severity filter displays resources of the selected severity type, i.e. selecting Critical displays all buckets with Critical severity. The same applies to the Warning and Ok severity types.|
|Resource Tags|Applying the resource tags filter displays the resources that carry the selected tag name. For example, if a user has tagged some buckets with a tag named environment, selecting environment from the resource tags filter displays all resources that carry that tag.|
|Resource Tags Value|Applying the resource tags value filter displays resources that carry the selected tag value. For example, if a user has tagged some resources with a tag named environment and the value production (environment: production), the user can view all the resources that have the "environment:production" tag assigned. The tag value filter can only be used once a tag name has been selected.|
|Compliance|You can further refine your security and health checks compliance-wise.|