Skip to main content

Remediation

From Console​

  1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/.
  2. In the left navigation panel, click buckets and then click on the S3 Bucket Name that you want to examine.
  3. Click Properties tab to see in detail bucket configuration.
  4. In the AWS Cloud Trail data events section select the CloudTrail name for the recording activity. You can choose an existing Cloudtrail or create a new one by slicking the Configure in Cloudtrail button or navigating to the Cloudtrail console https://console.aws.amazon.com/cloudtrail/`.
  5. Once the Cloudtrail is selected, Select the data Data Events check box.
  6. Select S3 from the Data event type drop down.
  7. Select Log all events from the Log selector template drop down.
  8. Repeat steps 2 to 7 to enable object-level logging of write events for other S3 buckets.

From Command Line​

  1. To enable object-level data events logging for S3 buckets within your AWS account, run the put-event-selectors command using the name of the trail that you want to reconfigure as the identifier:

    aws cloudtrail put-event-selectors \
        --region {{region-name}} \
        --trail-name {{trail-name}} \
        --event-selectors '[{ "ReadWriteType": "WriteOnly", "IncludeManagementEvents":true, "DataResources": [{ "Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::{{s3-bucket-name}}/"] }] }]'

  2. The command output will be object-level event trail configuration.

  3. If you want to enable it for all buckets at once, change the Values parameter to ["arn:aws:s3"] in the previous command.

  4. Repeat step 1 for each S3 bucket to update object-level logging of write events.

  5. Change the AWS region by updating the --region command parameter and perform the process for other regions.