AWS Batch Job - clean up history

0

Hello,

In one of my company's AWS account we have vulnerable information leak issue. AWS Batch jobs were launched with ENV variables and this variables contains very important and vulnerable details. We would like to wipe out this history from the account. How can we do that ?

Thanks

feita há um mês57 visualizações
1 Resposta
4
Resposta aceita

There is no API to clear the AWS batch job history.

The job state for SUCCEEDED and FAILED jobs is persisted in AWS Batch for at least 7 days (see here and here).

If this account is a member of an organization you can create and associate SCP (Service Control Policy) to this account that will prevent any principal from describing that job (and remove the SCP after 7 days has passed).

Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "batch:DescribeJobs",
            "Resource": "arn:aws:batch:REGION:ACCOUNT_ID:job/JOB_ID"
        }
    ]
}
profile pictureAWS
ESPECIALISTA
respondido há um mês
profile picture
ESPECIALISTA
avaliado há um mês
ESPECIALISTA
avaliado há um mês

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas