S3 Bucket Policy Changed

This alert occurs when Lacework detects an AWS S3 bucket policy change.

Why this Alert is Important

Bucket policy is one of the important aspects of S3 bucket security. Bucket policy determines which resources can add/delete/modify data in an S3 bucket. It is important to allow only required resources access to the data. Misconfiguration may allow an unauthorized person to access data and make modifications to it.

Investigation

Audit the bucket policy to ensure that only the resources that require access to the S3 bucket have the necessary write and read ability. Search for any unknown resources and remove them from the list. Avoid giving public access to an S3 bucket unless needed.

Resolution

Ensure that only authorized users can make changes to the bucket policy and follow the principle of least privilege.

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/what-is-s3.html

Why this Alert is Important​

Investigation​

Resolution​

Related Information​

Why this Alert is Important

Investigation

Resolution

Related Information