Mods
AWS

Policy: AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

Configures auditing against a CIS Benchmark item.

Level: 1

CloudTrail logs a record of every API call made in your AWS account. These logs file are stored in an S3 bucket. It is recommended that the bucket policy or access control list (ACL) applied to the S3 bucket that CloudTrail logs to prevent public access to the CloudTrail logs.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string
Default
Per AWS > CIS v2.0 > 3 - Logging
Valid Values [YAML]
  • Per AWS > CIS v2.0 > 3 - Logging
    
  • Skip
    
  • Check: Benchmark
    

Category

In Your Workspace

Developers