S3 Bucket Policy Changed
This alert occurs when Lacework detects an AWS S3 bucket policy change.
Why this Alert is Important
Bucket policy is one of the important aspects of S3 bucket security. Bucket policy determines which resources can add/delete/modify data in an S3 bucket. It is important to allow only required resources access to the data. Misconfiguration may allow an unauthorized person to access data and make modifications to it.
Investigation
Audit the bucket policy to ensure that only the resources that require access to the S3 bucket have the necessary write and read ability. Search for any unknown resources and remove them from the list. Avoid giving public access to an S3 bucket unless needed.
Resolution
Ensure that only authorized users can make changes to the bucket policy and follow the principle of least privilege.
Related Information
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/what-is-s3.html