Preventing Publicly Available CloudTrail Logs

Protecting CloudTrail Logs in S3
AWS CloudTrail is a key service for governance and risk auditing because it tracks all AWS account activity and actions. The logs generated by CloudTrail contain sensitive information that should never be made publicly available. If your CloudTrail logs fell into the hands of an attacker, they could use the information to identify your weak or misconfigured areas. Because CloudTrail logs are stored in S3 buckets, you can use bucket policies or ACLs to prevent public access. 

For more information, visit the AWS documentation on S3 bucket policies for CloudTrail

You need to make sure that your CloudTrail logs are not being stored in a publicly accessible S3 buckets. That’s information that you don’t want to get out. It’s critical sensitive system information that could be of use to a bad actor. The best way to check this is to go into the CloudTrail settings, make sure it’s pointed at the S3 bucket you think it is, and double check the settings on that S3 bucket to make sure they’re not available to everyone or to a wide group of users that don’t need access to that information.

Related Videos