AWS Batch Job - clean up history

0

Hello,

In one of my company's AWS account we have vulnerable information leak issue. AWS Batch jobs were launched with ENV variables and this variables contains very important and vulnerable details. We would like to wipe out this history from the account. How can we do that ?

Thanks

posta un mese fa57 visualizzazioni
1 Risposta
4
Risposta accettata

There is no API to clear the AWS batch job history.

The job state for SUCCEEDED and FAILED jobs is persisted in AWS Batch for at least 7 days (see here and here).

If this account is a member of an organization you can create and associate SCP (Service Control Policy) to this account that will prevent any principal from describing that job (and remove the SCP after 7 days has passed).

Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "batch:DescribeJobs",
            "Resource": "arn:aws:batch:REGION:ACCOUNT_ID:job/JOB_ID"
        }
    ]
}
profile pictureAWS
ESPERTO
con risposta un mese fa
profile picture
ESPERTO
verificato un mese fa
ESPERTO
verificato un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande