How to resolve the Sprinto check that ensures AWS CloudTrail logs are protected from public access
About:
Sprinto check: AWS CloudTrail logging bucket should be protected from direct internet traffic
This check verifies that the Amazon S3 bucket used for storing AWS CloudTrail logs is not publicly accessible. CloudTrail is a service that records AWS API calls and events, and the logs generated by CloudTrail can contain sensitive information about your AWS environment and activities.
Purpose:
The primary purpose of this check is to enhance the security and confidentiality of your CloudTrail logs. Allowing public access to the S3 bucket that stores these logs can potentially expose sensitive data, such as API calls, resource configurations, and user activities, to unauthorized individuals or entities.
How to Fix This Check:
Follow the below steps to fix this check:
Before you begin:
Ensure you have administrative privileges on the AWS account so that you can modify the S3 bucket configuration.
Protecting CloudTrail logging from direct internet access:
Log in to the AWS console using your credentials or Single Sign-On (SSO) options.
Navigate to the AWS S3 service.
From the list, select the S3 bucket used for storing the CloudTrail logs.
Open the Permissions tab and review the Block public access (bucket settings) section. Ensure the configuration status is On. If it is not, click Edit and update it.
Repeat the above steps for all S3 buckets used for storing CloudTrail logs.
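For accounts with many trails, the console steps above are tedious to repeat and easy to miss for a bucket that a trail in another region writes to. The following script is an added example (not Sprinto's own code or check logic) that enumerates every bucket referenced by a trail, reports which of the four Block Public Access settings are missing, and optionally turns all four on, which is what the console's Block all public access toggle does. It uses the real boto3 calls cloudtrail:DescribeTrails, s3:GetPublicAccessBlock and s3:PutPublicAccessBlock; the fake clients, bucket names and trail names are constructed sample data so the audit logic can be exercised offline.

```python
"""Audit and remediate Block Public Access on the S3 buckets that receive CloudTrail logs."""
from __future__ import annotations

# The four bucket-level Block Public Access settings. The console shows
# "On" only when all four are enabled, so a passing bucket needs all of them.
BPA_FLAGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def missing_bpa_flags(config: dict | None) -> list[str]:
    """Return the flags that are not enabled in a PublicAccessBlockConfiguration.
    None means the bucket has no configuration at all, so every flag is missing."""
    if config is None:
        return list(BPA_FLAGS)
    return [flag for flag in BPA_FLAGS if not config.get(flag, False)]


def cloudtrail_buckets(cloudtrail) -> set[str]:
    """Distinct bucket names used by every trail, including shadow trails of
    multi-region and organization trails that are visible from this account."""
    trails = cloudtrail.describe_trails(includeShadowTrails=True)["trailList"]
    return {t["S3BucketName"] for t in trails if t.get("S3BucketName")}


def bucket_bpa_config(s3, bucket: str) -> dict | None:
    """Fetch a bucket's Block Public Access configuration; None if it was never set."""
    try:
        return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except Exception as exc:  # botocore raises ClientError; inspect its error code
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise


def audit(cloudtrail, s3) -> dict[str, list[str]]:
    """Map each CloudTrail bucket to its missing flags (an empty list means passing)."""
    return {b: missing_bpa_flags(bucket_bpa_config(s3, b))
            for b in sorted(cloudtrail_buckets(cloudtrail))}


def remediate(s3, bucket: str) -> None:
    """Enable all four settings, the API equivalent of Edit -> Block all public access."""
    s3.put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={flag: True for flag in BPA_FLAGS},
    )


# ---- Constructed fakes so the logic can run without AWS credentials ----------
class _FakeAwsError(Exception):
    """Stand-in for botocore ClientError: carries the same .response shape."""
    def __init__(self, code: str):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class _FakeS3:
    def __init__(self, configs: dict[str, dict | None]):
        self.configs = configs  # bucket -> configuration dict, or None if unset

    def get_public_access_block(self, Bucket):
        if self.configs.get(Bucket) is None:
            raise _FakeAwsError("NoSuchPublicAccessBlockConfiguration")
        return {"PublicAccessBlockConfiguration": self.configs[Bucket]}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.configs[Bucket] = dict(PublicAccessBlockConfiguration)


class _FakeCloudTrail:
    def __init__(self, buckets: list[str]):
        self.buckets = buckets

    def describe_trails(self, includeShadowTrails=False):
        return {"trailList": [{"Name": f"trail-{i}", "S3BucketName": b}
                              for i, b in enumerate(self.buckets)]}


def example_audit() -> tuple[dict, dict]:
    """Run audit -> remediate -> audit over constructed sample buckets."""
    s3 = _FakeS3({
        "org-trail-logs": {flag: True for flag in BPA_FLAGS},          # already passing
        "legacy-trail-logs": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                              "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
        "unconfigured-trail-logs": None,                               # never configured
    })
    # Two trails share a bucket; the audit must report it once.
    trail = _FakeCloudTrail(["org-trail-logs", "legacy-trail-logs",
                             "unconfigured-trail-logs", "org-trail-logs"])
    before = audit(trail, s3)
    for bucket, missing in before.items():
        if missing:
            remediate(s3, bucket)
    return before, audit(trail, s3)


if __name__ == "__main__":
    import sys
    import boto3  # real clients; needs credentials with cloudtrail/s3 read access
    session = boto3.Session()
    results = audit(session.client("cloudtrail"), session.client("s3"))
    for bucket, missing in results.items():
        print(f"{bucket}: {'PASS' if not missing else 'FAIL, missing ' + ', '.join(missing)}")
        if missing and "--fix" in sys.argv:
            remediate(session.client("s3"), bucket)
    sys.exit(1 if any(results.values()) else 0)
```

Run it without arguments to get a report and a non-zero exit code when any bucket fails; add --fix to apply the same change the console step makes. The four flags are the bucket-level settings this check looks at; AWS also offers the same four settings at the account level (s3control:PutPublicAccessBlock), which is worth enabling as a backstop so a newly created logging bucket cannot be made public by mistake.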
Sprinto detects the configuration change and sets the check status to "Passing."
Contact Sprinto support if you have any queries related to the check or need assistance.