AWS Batch Job - clean up history

0

Hello,

In one of my company's AWS accounts we have a vulnerable information leak issue. AWS Batch jobs were launched with ENV variables and these variables contain very important and vulnerable details. We would like to wipe out this history from the account. How can we do that?

Thanks

Asked 1 month ago, viewed 57 times
1 Answer
4
Accepted Answer

There is no API to clear the AWS Batch job history.

The job state for SUCCEEDED and FAILED jobs is persisted in AWS Batch for at least 7 days (see here and here).

If this account is a member of an organization, you can create an SCP (Service Control Policy) and associate it with this account to prevent any principal from describing that job (and remove the SCP after 7 days have passed).

Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "batch:DescribeJobs",
            "Resource": "arn:aws:batch:REGION:ACCOUNT_ID:job/JOB_ID"
        }
    ]
}
AWS
Expert
Answered 1 month ago
Expert
Reviewed 1 month ago
Expert
Reviewed 1 month ago
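
Added example, not part of the original answer or of AWS's own code: when several jobs carried the leaked variables, the policy from the answer can list all of their ARNs, and this sketch packs them into as few SCP documents as fit and then creates and attaches them with boto3. The 5,120-character SCP size limit, the policy name prefix and the sample job IDs are assumptions.

```python
import json

# Assumption: an SCP document may be at most 5,120 characters (Organizations quota).
SCP_MAX_CHARS = 5120

def job_arn(region, account_id, job_id):
    return f"arn:aws:batch:{region}:{account_id}:job/{job_id}"

def render(arns):
    """Same policy shape as in the answer, with a list of job ARNs as Resource."""
    stmt = {"Effect": "Deny", "Action": "batch:DescribeJobs", "Resource": arns}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]}, separators=(",", ":"))

def build_scps(region, account_id, job_ids, max_chars=SCP_MAX_CHARS):
    """Pack the job ARNs into as few SCP documents as fit under max_chars."""
    policies, current = [], []
    for jid in dict.fromkeys(job_ids):  # de-duplicate, keep order
        arn = job_arn(region, account_id, jid)
        if len(render([arn])) > max_chars:
            raise ValueError(f"single ARN does not fit in one policy: {arn}")
        if len(render(current + [arn])) > max_chars:
            policies.append(render(current))
            current = []
        current.append(arn)
    if current:
        policies.append(render(current))
    return policies

def attach_scps(policies, account_id, name_prefix="deny-describe-leaked-batch-jobs"):
    """Create and attach each SCP; call with management-account credentials."""
    import boto3  # imported here so build_scps() works without AWS access
    org = boto3.client("organizations")
    ids = []
    for i, content in enumerate(policies):
        resp = org.create_policy(
            Name=f"{name_prefix}-{i}",  # hypothetical naming scheme
            Type="SERVICE_CONTROL_POLICY",
            Description="Temporary: block DescribeJobs on leaked Batch jobs",
            Content=content)
        pid = resp["Policy"]["PolicySummary"]["Id"]
        org.attach_policy(PolicyId=pid, TargetId=account_id)
        ids.append(pid)
    return ids  # keep these for detach_policy/delete_policy after the retention period

if __name__ == "__main__":
    sample = [f"00000000-0000-4000-8000-{i:012d}" for i in range(150)]  # constructed IDs
    for doc in build_scps("us-east-1", "111122223333", sample):
        print(len(doc), "characters")
```

The policy IDs returned by `attach_scps` are what `detach_policy` and `delete_policy` need when the SCP is removed again.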
