S3 Server Access Log Bucket Policy

ACM.200 Revisiting default AWS S3 ACLs that still exist

Teri Radichel

--

Part of my series on Automating Cybersecurity Metrics and stories on AWS S3 Buckets. The Code.

Free Content on Jobs in Cybersecurity | Sign up for the Email List

In the last post we deployed a CloudTrail bucket policy. I showed you some differences between the documentation and the bucket policy deployed by AWS Control Tower.

We’re going to need to add an S3 bucket policy to the AWS S3 server access log bucket per the documentation. Even though the console seemed to indicate one would be added the policy was empty as I explained in the post where we created the bucket. We’ll add a policy ourselves the same way we did for our CloudTrail bucket. Once again, I will compare the documentation to what got deployed by CloudTrail.

Here’s the documentation with a sample policy.

--

--

Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award