S3 Bucket ACL Changed
This alert occurs when Lacework detects an S3 bucket ACL change.
Why this Alert is Important
An AWS Access Control List (ACL) plays an important part in limiting how far your S3 buckets are exposed. An unauthorized ACL modification can give attackers access to your S3 bucket.
Investigation
Ensure that all changes to ACLs are audited and made only by authorized personnel. Look for rules allowing access to unknown IP addresses. Check for anomalies in ACL changes.
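The audit described above can be scripted over CloudTrail records. The following is an added example, not Lacework's detection logic: it flags PutBucketAcl events made by a principal outside an allow-list or granting access to S3's predefined public groups. The AUTHORIZED list, the sample records and the function name are constructed for illustration, and the record layout is assumed to follow CloudTrail's PutBucketAcl format.

```python
# Real S3 predefined group URIs and canned ACLs that open a bucket broadly.
BROAD_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
BROAD_CANNED = {"public-read", "public-read-write", "authenticated-read"}
# Assumption: principals your change process allows to edit bucket ACLs.
AUTHORIZED = {"arn:aws:iam::111122223333:role/s3-admin"}

def review_acl_event(event, authorized=AUTHORIZED):
    """Return a list of findings for one CloudTrail PutBucketAcl record."""
    if event.get("eventName") != "PutBucketAcl":
        return []
    params = event.get("requestParameters") or {}
    ident = event.get("userIdentity") or {}
    # Assumed-role sessions carry the role ARN under sessionContext.sessionIssuer.
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    actor = issuer.get("arn") or ident.get("arn", "unknown")
    findings = []
    if actor not in authorized:
        findings.append(f"unauthorized actor: {actor}")
    canned = params.get("x-amz-acl") or []
    if isinstance(canned, str):
        canned = [canned]
    findings += [f"canned ACL {acl}" for acl in canned if acl in BROAD_CANNED]
    grants = ((params.get("AccessControlPolicy") or {})
              .get("AccessControlList") or {}).get("Grant") or []
    if isinstance(grants, dict):  # a single grant may not be wrapped in a list
        grants = [grants]
    for g in grants:
        uri = (g.get("Grantee") or {}).get("URI")
        if uri in BROAD_GROUPS:
            findings.append(f"{g.get('Permission')} granted to {BROAD_GROUPS[uri]}")
    return findings

# Constructed sample records (not real CloudTrail output).
ROLE = {"sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/s3-admin"}}}
SAMPLE = [
    {"eventName": "PutBucketAcl", "userIdentity": ROLE,
     "requestParameters": {"bucketName": "example-logs", "x-amz-acl": ["public-read"]}},
    {"eventName": "PutBucketAcl",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/temp-dev"},
     "requestParameters": {"bucketName": "example-data", "AccessControlPolicy": {
         "AccessControlList": {"Grant": {"Permission": "READ", "Grantee": {
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}}}}},
]
if __name__ == "__main__":
    for e in SAMPLE:
        print(e["requestParameters"]["bucketName"], review_acl_event(e))
```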
Resolution
Revert all unnecessary ACL changes. Use a common template to make changes. Follow the principle of least privilege.
Related Information
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/what-is-s3.html