If the permissions on your CloudTrail trail buckets are too permissive or otherwise insecure, malicious users could gain access to your logging data, significantly increasing the risk of unauthorized access. This conformity rule identifies CloudTrail buckets that allow public access through Access Control Lists (ACLs); note that public access can also be granted through bucket policies. To keep your AWS cloud account secure, check for publicly accessible CloudTrail trail log buckets (i.e., target buckets) so that you can identify potential security risks and take steps to mitigate them.
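As an added example (not the conformity rule's own implementation), the following Python evaluates ACL structures in the shape boto3's `s3.get_bucket_acl` returns and flags grants to the AWS-defined public groups (`AllUsers`, `AuthenticatedUsers`); the trail list mirrors the `trailList` shape from `cloudtrail.describe_trails()`, and all bucket names and sample data are constructed.

```python
# Added example: flag CloudTrail target buckets whose ACL grants access to an
# AWS-defined public group. ACL dicts use the shape returned by boto3's
# s3.get_bucket_acl(); trail dicts use the shape of
# cloudtrail.describe_trails()["trailList"]. All sample data is constructed.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",  # anyone on the internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",  # any AWS account
}

def public_acl_grants(acl):
    """Return (group, permission) pairs for every grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return findings

def audit_trail_buckets(trails, get_acl):
    """Map each trail's S3BucketName to its public grants; get_acl(bucket) returns the ACL dict."""
    findings = {}
    for trail in trails:
        bucket = trail.get("S3BucketName")
        if not bucket:
            continue  # trail without a target bucket: nothing to inspect
        grants = public_acl_grants(get_acl(bucket))
        if grants:
            findings[bucket] = grants
    return findings

OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
LOG_DELIVERY = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"}

# Constructed ACLs: one bucket readable by AllUsers, one granting only the owner
# and the S3 log-delivery group (a Group grantee that is not public).
SAMPLE_ACLS = {
    "public-trail-bucket": {"Owner": OWNER, "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": ALL_USERS, "Permission": "READ"}]},
    "private-trail-bucket": {"Owner": OWNER, "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": LOG_DELIVERY, "Permission": "WRITE"}]},
}
SAMPLE_TRAILS = [{"Name": "management-events", "S3BucketName": "public-trail-bucket"},
                 {"Name": "data-events", "S3BucketName": "private-trail-bucket"}]

if __name__ == "__main__":
    print(audit_trail_buckets(SAMPLE_TRAILS, SAMPLE_ACLS.__getitem__))
```

In a live account, pass a wrapper around boto3's `s3.get_bucket_acl` as `get_acl` and the `trailList` from `cloudtrail.describe_trails()`. A clean ACL does not rule out public access granted through a bucket policy, which this check does not inspect.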
To remediate publicly accessible CloudTrail trail log buckets, you can follow these steps:
After following these steps, the CloudTrail trail log bucket should no longer be publicly accessible, and access to the bucket will be restricted to authorized users and services. It is recommended to periodically review the bucket permissions and policies to ensure that public access is not inadvertently granted. Additionally, you can enable logging and monitoring for the CloudTrail trail log bucket to detect any unauthorized access attempts.