Homepage
About Snyk

S3 bucket ACL allows public access to S3 bucket storing CloudTrail log files Affecting S3 service in AWS

0.0
high
    Severity Framework Snyk CCSS
    Rule category Data / Logging

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    AWS-Well-Architected CIS-AWS CSA-CCM ISO-27001 NIST-800-53 PCI-DSS SOC-2
  • Snyk ID SNYK-CC-00172
  • credit Snyk Research Team
Report a new misconfiguration Found a mistake?

Description

Allowing public access to CloudTrail log data may aid an adversary in identifying weaknesses in the affected account's use or configuration.

How to fix?

Ensure the aws_s3_bucket acl field is not set to "public-read" or "public-read-write".

Example Configuration

resource "aws_s3_bucket" "private1" {
  acl = "private"
  # other required fields here
}