Skip to main content

πŸ’Ό 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

  • Contextual name: πŸ’Ό 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • ID: /frameworks/cis-aws-v1.3.0/03/03
  • Located in: πŸ’Ό 3 Logging

Description​

CloudTrail logs a record of every API call made in your AWS account. These logs file are stored in an S3 bucket. It is recommended that the bucket policy or access control list (ACL) applied to the S3 bucket that CloudTrail logs to prevent public access to the CloudTrail logs.

Similar​

  • Sections
    • /frameworks/cis-aws-v1.4.0/03/03
    • /frameworks/cis-aws-v1.2.0/02/03
  • Internal
    • ID: dec-c-a31cf682

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.2.0 β†’ πŸ’Ό 2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
πŸ’Ό CIS AWS v1.4.0 β†’ πŸ’Ό 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.2.0 β†’ πŸ’Ό 2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
πŸ’Ό CIS AWS v1.4.0 β†’ πŸ’Ό 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags