Open in app

Sign in

Write

Sign in

S3 Server Access Log Bucket Policy

ACM.200 Revisiting default AWS S3 ACLs that still exist

Teri Radichel

--

Part of my series on Automating Cybersecurity Metrics and stories on AWS S3 Buckets. The Code.

Free Content on Jobs in Cybersecurity | Sign up for the Email List

In the last post we deployed a CloudTrail bucket policy. I showed you some differences between the documentation and the bucket policy deployed by AWS Control Tower.

S3 Bucket Policy for an Organization CloudTrail Bucket

ACM.198 Formulating the code for our Organization CloudTrail Bucket

medium.com

We’re going to need to add an S3 bucket policy to the AWS S3 server access log bucket per the documentation. Even though the console seemed to indicate one would be added the policy was empty as I explained in the post where we created the bucket. We’ll add a policy ourselves the same way we did for our CloudTrail bucket. Once again, I will compare the documentation to what got deployed by CloudTrail.

Here’s the documentation with a sample policy.

Enabling Amazon S3 server access logging

docs.aws.amazon.com

--

--

Teri Radichel
Teri Radichel

Written by Teri Radichel

2.5K Followers
5 Following

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award