appdefensealliance / ASA-WG


Cloud Profile 3.5.1: incorrect investigation procedure #29

Closed rdegraaf-ncc3 closed 1 week ago

rdegraaf-ncc3 commented 2 weeks ago

Cloud Profile 3.5.1 "Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible" contains the following as part of its investigation procedure using AWS Console:

  1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home.
  2. In the API activity history pane on the left, click Trails.
  3. In the Trails pane, note the bucket names in the S3 bucket column
  4. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home.
  5. For each bucket noted in step 3, right-click on the bucket and click Properties.
  6. In the Properties pane, click the Permissions tab.
  7. The tab shows a list of grants, one row per grant, in the bucket ACL. Each row identifies the grantee and the permissions granted.
  8. Ensure no rows exist where the Grantee is set to Everyone or the Grantee set to Any Authenticated User.
  9. If the Edit bucket policy button is present, click it to review the bucket policy.
  10. Ensure the policy does not contain a Statement having an Effect set to Allow and a Principal set to `"*"` or `{"AWS": "*"}`, or if it does, ensure that it has a condition in place to restrict access, such as aws:PrincipalOrgID.

These steps do not correspond to the current version of the AWS Console UI. They should be replaced with something along the lines of the following:

  1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home.
  2. In the navigation pane on the left, click Trails.
  3. In the Trails pane, note the bucket names in the S3 bucket column.
  4. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home.
  5. For each bucket noted in step 3, click on the bucket name.
  6. Click on the Permissions tab.
  7. In the Bucket policy section, ensure that there is no statement with the Effect of Allow with a Principal of either `"*"` or `{"AWS": "*"}` unless it also has a suitable condition in place to restrict access, such as aws:PrincipalOrgID.
  8. In the Access control list (ACL) section, ensure that no permissions for either Objects or Bucket ACL are granted to either the Everyone or the Authenticated users group.
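The following is an added example, not part of the issue above or of the ASA-WG profile, that applies the checks in steps 7 and 8 of the proposed procedure offline to the bucket policy and ACL documents the AWS CLI returns (`aws s3api get-bucket-policy` and `aws s3api get-bucket-acl`, for each bucket from `aws cloudtrail describe-trails`). The sample policy and ACL embedded in it are constructed, not real AWS output; the bucket name and org ID in them are placeholders. It treats a wildcard Allow statement that carries a Condition as "needs review" rather than as a pass, because only a condition that restricts the caller (such as aws:PrincipalOrgID) actually satisfies the control.

```python
"""Offline evaluator for Cloud Profile 3.5.1 (CloudTrail log bucket not public).

Inputs are the documents returned by
  aws s3api get-bucket-policy --bucket NAME --query Policy --output text
  aws s3api get-bucket-acl    --bucket NAME
for every bucket listed by
  aws cloudtrail describe-trails --query 'trailList[].S3BucketName'
"""
import json

# Predefined S3 group grantees. The console labels these "Everyone (public access)"
# and "Authenticated users group (anyone with an AWS account)".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(value):
    """IAM policy grammar lets most fields be either a scalar or a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (including "*" inside an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def classify_policy(policy):
    """Return Sids of Allow statements with a wildcard principal, split into
    'public'      - no Condition at all: fails the control outright
    'conditioned' - has a Condition: returned for manual review, since only a
                    condition that limits the caller (e.g. aws:PrincipalOrgID) passes
    """
    if isinstance(policy, str):          # get-bucket-policy returns the policy as a JSON string
        policy = json.loads(policy)
    public, conditioned = [], []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _principal_is_wildcard(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "Statement[%d]" % index)
        (conditioned if stmt.get("Condition") else public).append(sid)
    return {"public": public, "conditioned": conditioned}


def public_acl_grants(acl):
    """(group, permission) pairs granted to AllUsers or AuthenticatedUsers, for any permission
    (READ/WRITE cover objects, READ_ACP/WRITE_ACP cover the bucket ACL, FULL_CONTROL covers both)."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTHENTICATED_USERS):
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return findings


def check_bucket(policy, acl):
    """Combine both checks; 'compliant' is False on any unconditioned wildcard or public ACL grant."""
    pol = classify_policy(policy)
    acl_findings = public_acl_grants(acl)
    return {
        "policy_public": pol["public"],
        "policy_needs_review": pol["conditioned"],
        "acl_public": acl_findings,
        "compliant": not pol["public"] and not acl_findings,
    }


# Constructed sample input (placeholder bucket and org ID, not real AWS output): the two
# statements CloudTrail itself needs, one org-scoped wildcard, and one genuinely public statement.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-logs"},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "OrgRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-logs/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-logs/*"},
    ],
})

SAMPLE_ACL = {
    "Owner": {"ID": "0000000000000000000000000000000000000000000000000000000000000000"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser",
                     "ID": "0000000000000000000000000000000000000000000000000000000000000000"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ_ACP"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(check_bucket(SAMPLE_POLICY, SAMPLE_ACL), indent=2))
```

On the sample input the result is non-compliant: the `PublicRead` statement is flagged, `OrgRead` is listed for review, and both group grants in the ACL are reported. Note that neither the console procedure nor this script looks at the account- or bucket-level Block Public Access settings (`aws s3api get-public-access-block`), which can override a public policy or ACL; a bucket that fails here but has all four block settings enabled is not actually reachable, though the offending grants should still be removed.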