Severity Framework
Snyk CCSS
Rule category
Data / Logging
Frameworks
AWS-Well-Architected
CIS-AWS
CSA-CCM
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00172
- credit Snyk Research Team
Description
Allowing public access to CloudTrail log data may aid an adversary in identifying weaknesses in the affected account's use or configuration.
How to fix?
Ensure the aws_s3_bucket acl field is not set to "public-read" or "public-read-write".
Example Configuration
resource "aws_s3_bucket" "private1" {
  acl = "private"
  # other required fields here
}
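
One way to apply the check from "How to fix?" before deployment, as an added example that is not Snyk's own rule code: it reads plan JSON in the shape produced by terraform show -json, flags every aws_s3_bucket whose acl is "public-read" or "public-read-write", and marks whether an aws_cloudtrail resource names that bucket in s3_bucket_name. The function names, bucket names and sample plan are constructed for illustration.

```python
import json

PUBLIC_ACLS = {"public-read", "public-read-write"}

# Constructed sample in the shape of `terraform show -json` (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.private1", "type": "aws_s3_bucket",
     "values": {"bucket": "example-trail-logs", "acl": "private"}},
    {"address": "aws_s3_bucket.open1", "type": "aws_s3_bucket",
     "values": {"bucket": "example-open-logs", "acl": "public-read"}},
    {"address": "aws_cloudtrail.main", "type": "aws_cloudtrail",
     "values": {"name": "main", "s3_bucket_name": "example-open-logs"}}
  ],
  "child_modules": [{"address": "module.audit", "resources": [
    {"address": "module.audit.aws_s3_bucket.rw", "type": "aws_s3_bucket",
     "values": {"bucket": "example-rw", "acl": "public-read-write"}}
  ]}]
}}}
""")


def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def public_acl_buckets(plan):
    """Return (address, acl, is_cloudtrail_target) for buckets with a public ACL."""
    resources = list(walk(plan.get("planned_values", {}).get("root_module", {})))
    # Bucket names that a trail writes to; unknown (None) names are ignored.
    trail_buckets = {(r.get("values") or {}).get("s3_bucket_name")
                     for r in resources if r.get("type") == "aws_cloudtrail"} - {None}
    findings = []
    for r in resources:
        values = r.get("values") or {}
        if r.get("type") == "aws_s3_bucket" and values.get("acl") in PUBLIC_ACLS:
            findings.append((r.get("address"), values["acl"],
                             values.get("bucket") in trail_buckets))
    return findings


if __name__ == "__main__":
    for address, acl, is_trail in public_acl_buckets(SAMPLE_PLAN):
        print(f"{address}: acl={acl} cloudtrail_target={is_trail}")
```

Buckets whose name is only known after apply cannot be matched to a trail from the plan alone, so a False in the last field does not rule out that the bucket holds CloudTrail logs.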