AWS cloud watch event pattern to detect S3 buckets creation/modification with public access

Question

I am trying to create an AWS Cloud watch event which will trigger an email whenever a S3 bucket is created or modified to allow public access.

I have created the cloud trail, log stream and am tracking all the S3 events logs. When i am trying to create a custom event by giving the pattern to detect S3 buckets with public access i am not able to fetch any response or the event doesn't get triggered even if i create bucket with public access. Can you help me out with the custom pattern for the same ?

I have tried giving GetPublicAccessBlock, PutPublicAccessBlock etc., in event type but no luck. Please suggest accordingly.

Answer

You can use IAM access analyzer to detect a S3 bucket that allow public access.
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

You can send email for the detection results with Amazon EventBridge and Amazon SNS.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-eventbridge.html

AWS cloud watch event pattern to detect S3 buckets creation/modification with public access

相關內容