S3 Server Access Log Bucket Policy
ACM.200 Revisiting default AWS S3 ACLs that still exist
Part of my series on Automating Cybersecurity Metrics and stories on AWS S3 Buckets. The Code.
In the last post we deployed a CloudTrail bucket policy. I showed you some differences between the documentation and the bucket policy deployed by AWS Control Tower.
We’re going to need to add an S3 bucket policy to the AWS S3 server access log bucket per the documentation. Even though the console seemed to indicate one would be added, the policy was empty, as I explained in the post where we created the bucket. We’ll add a policy ourselves the same way we did for our CloudTrail bucket. Once again, I will compare the documentation to what got deployed by CloudTrail.
Here’s the documentation with a sample policy.