S3 bucket modifications cannot be detected
Description
CloudTrail logs S3 bucket-level API calls made in the last 90 days. This check tracks bucket-level policy and configuration modifications, including:
- PutBucketAcl
- PutBucketPolicy
- PutBucketCors
- PutBucketLifecycle
- PutBucketReplication
- DeleteBucketPolicy
- DeleteBucketCors
- DeleteBucketLifecycle
- DeleteBucketReplication
Bucket policies and bucket or object ACLs let users grant access to other users and services. The AWS console offers prompts and warnings that emphasize this point and try to prevent lapses in security, but this does not always prevent data leaks. Monitoring automated and manual changes to S3 buckets provides an additional layer of protection against such errors.
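As an added example (not part of the original check text), this Python script scans a CloudTrail log file for the nine bucket-level events listed above and also builds the CloudWatch Logs metric filter pattern that would alert on them; the sample records, bucket name, account ID and user are constructed.

```python
import json

# Bucket-level policy/configuration events this check tracks.
TRACKED_EVENTS = {
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors",
    "PutBucketLifecycle", "PutBucketReplication",
    "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
}
S3_EVENT_SOURCE = "s3.amazonaws.com"

def metric_filter_pattern(events=TRACKED_EVENTS):
    """CloudWatch Logs JSON metric filter matching any tracked S3 event."""
    clauses = " || ".join(f"($.eventName = {name})" for name in sorted(events))
    return f"{{ ($.eventSource = {S3_EVENT_SOURCE}) && ({clauses}) }}"

def find_bucket_changes(trail_json):
    """Return one finding per tracked event in a CloudTrail {"Records": [...]} body."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != S3_EVENT_SOURCE:
            continue  # not an S3 call
        if rec.get("eventName") not in TRACKED_EVENTS:
            continue  # object-level or read-only S3 call
        params = rec.get("requestParameters") or {}
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "bucket": params.get("bucketName", "<unknown>"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "<unknown>"),
            "source_ip": rec.get("sourceIPAddress"),
        })
    return findings

# Constructed sample: one tracked change, one object-level call, one non-S3 call.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-data"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "requestParameters": {"bucketName": "example-data"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser"},
]})

if __name__ == "__main__":
    for f in find_bucket_changes(SAMPLE_TRAIL):
        print(f"{f['time']} {f['event']} on {f['bucket']} by {f['actor']}")
```

The pattern returned by metric_filter_pattern() can be attached to the CloudTrail log group as a metric filter with an alarm on a non-zero count, which is how the alerting side of this check is usually implemented.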