AWS S3 Bucket Scanner

Know when security issues arise from your AWS S3 Buckets.


Description

AWS S3 Bucket Scanner helps prevent sensitive data leakage and ensures that S3 best practices are followed. It periodically queries the AWS APIs for the metadata of every bucket in your AWS account and sends an alert to your configured output for each issue it detects (see the Alerts section below).

Access & Configuration

Alerts

Public Bucket detected

Context: A public S3 Bucket has been detected. This could be problematic as objects stored in the bucket are now potentially accessible by anyone on the internet.

Action: Navigate to the bucket in question via the AWS Management Console and Disable Public Access (AWS Documentation).

Bucket not encrypted

Context: An unencrypted S3 Bucket has been detected. This could be problematic as objects stored in the bucket are not encrypted, and should the objects be exposed or leaked, they can be accessed without any further protections.

Action: Navigate to the bucket in question via the AWS Management Console and Enable Default Encryption (AWS Documentation).

Bucket access logging disabled

Context: An S3 Bucket with server access logging disabled has been detected. This could be problematic as bucket access logs are not collected, meaning any modifications or improper access will not be recorded.

Action: Navigate to the bucket in question via the AWS Management Console and Enable Server Access Logging (AWS Documentation).

Bucket versioning disabled

Context: An S3 Bucket with versioning disabled has been detected. This could be problematic as previous versions of bucket objects aren't preserved, meaning any modification to an S3 object overwrites its previous version.

Action: Navigate to the bucket in question via the AWS Management Console and Enable Bucket Versioning (AWS Documentation).
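As an added example (not Vectrix's code, which this page does not show), the four conditions above expressed as checks over the raw responses boto3 returns; the `CHECKS` table, the public grantee URIs and the "not configured" error codes are my own mapping of the relevant S3 API calls, and `SAMPLE_BUCKET` is a constructed input.

```python
# Added example (not Vectrix's code): the checks behind the four alerts as pure functions
# over the raw responses boto3 returns, so they can be exercised offline.
PUBLIC_GRANTEES = ("http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")

# Bucket API calls and the error codes S3 uses to say "not configured" (mapped to None).
CHECKS = {
    "policy_status": ("get_bucket_policy_status", ("NoSuchBucketPolicy",)),
    "acl": ("get_bucket_acl", ()),
    "encryption": ("get_bucket_encryption", ("ServerSideEncryptionConfigurationNotFoundError",)),
    "logging": ("get_bucket_logging", ()),
    "versioning": ("get_bucket_versioning", ()),
}

def evaluate_bucket(meta):
    """Return the alert names raised for one bucket, given its CHECKS responses."""
    alerts = []
    policy = (meta.get("policy_status") or {}).get("PolicyStatus", {})
    acl_public = any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES
                     for g in (meta.get("acl") or {}).get("Grants", []))
    if policy.get("IsPublic") or acl_public:
        alerts.append("Public Bucket detected")
    sse = (meta.get("encryption") or {}).get("ServerSideEncryptionConfiguration", {})
    if not sse.get("Rules"):
        alerts.append("Bucket not encrypted")
    if "LoggingEnabled" not in (meta.get("logging") or {}):
        alerts.append("Bucket access logging disabled")
    if (meta.get("versioning") or {}).get("Status") != "Enabled":  # absent or "Suspended"
        alerts.append("Bucket versioning disabled")
    return alerts

def collect_metadata(s3, name):
    """Fetch every CHECKS response for bucket `name` using a boto3 S3 client."""
    from botocore.exceptions import ClientError  # local import: evaluate_bucket needs no boto3
    meta = {}
    for key, (method, not_found) in CHECKS.items():
        try:
            meta[key] = getattr(s3, method)(Bucket=name)
        except ClientError as err:
            if err.response["Error"]["Code"] not in not_found:
                raise
            meta[key] = None
    return meta

# Constructed sample: public ACL grant, no encryption rules, no logging, versioning suspended.
SAMPLE_BUCKET = {"policy_status": None, "encryption": None, "logging": {},
                 "versioning": {"Status": "Suspended"},
                 "acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": PUBLIC_GRANTEES[0]},
                                     "Permission": "READ"}]}}
```

To scan a real account, pass `boto3.client("s3")` and each name from `list_buckets()` to `collect_metadata`, then run `evaluate_bucket` on the result.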

Sample Alert

Sample Alert: Public Bucket detected