AWS Batch Job - clean up history

0

Hello,

In one of my company's AWS account we have vulnerable information leak issue. AWS Batch jobs were launched with ENV variables and this variables contains very important and vulnerable details. We would like to wipe out this history from the account. How can we do that ?

Thanks

質問済み 1ヶ月前56ビュー
1回答
4
承認された回答

There is no API to clear the AWS batch job history.

The job state for SUCCEEDED and FAILED jobs is persisted in AWS Batch for at least 7 days (see here and here).

If this account is a member of an organization you can create and associate SCP (Service Control Policy) to this account that will prevent any principal from describing that job (and remove the SCP after 7 days has passed).

Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "batch:DescribeJobs",
            "Resource": "arn:aws:batch:REGION:ACCOUNT_ID:job/JOB_ID"
        }
    ]
}
profile pictureAWS
エキスパート
回答済み 1ヶ月前
profile picture
エキスパート
レビュー済み 1ヶ月前
エキスパート
レビュー済み 1ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ