An AWS S3 bucket lifecycle expiration policy was set to disabled
Goal
Detect if an AWS S3 lifecycle expiration policy is set to disabled in your CloudTrail logs.
Strategy
Check if the @requestParameters.LifecycleConfiguration.Rule.Expiration.Days, @requestParameters.LifecycleConfiguration.Status:Disabled and @evt.name:PutBucketLifecycle fields are present in your S3 Lifecycle configuration log. If these fields are present together, a bucket’s lifecycle configuration has been turned off.
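The check described above, as an added Python example (not the rule's own code) run over constructed CloudTrail-style records. Assumptions: the raw `eventName` key stands in for `@evt.name`, `Rule` may be a single object or a list, and `Status` is read inside each rule with a fallback to the configuration-level path given above.

```python
# Constructed CloudTrail-style records; bucket, role and account are placeholders.
def _event(name, rule, bucket="example-logs"):
    return {
        "eventName": name,  # assumed raw form of @evt.name
        "userIdentity": {
            "accountId": "111122223333",
            "sessionContext": {"sessionIssuer": {"userName": "example-role"}},
        },
        "requestParameters": {
            "bucketName": bucket,
            "LifecycleConfiguration": {"Rule": rule},
        },
    }

SAMPLE_EVENTS = [
    _event("PutBucketLifecycle", {"Status": "Disabled", "Expiration": {"Days": 30}}),
    _event("PutBucketLifecycle", {"Status": "Enabled", "Expiration": {"Days": 30}}),
    _event("PutBucketLifecycle", [  # several rules as a list (assumption)
        {"Status": "Enabled", "Expiration": {"Days": 7}},
        {"Status": "Disabled", "Expiration": {"Days": 90}},
    ], bucket="example-audit"),
    _event("PutBucketLifecycle", {"Status": "Disabled", "Transition": {"Days": 30}}),
    _event("GetBucketLifecycle", {"Status": "Disabled", "Expiration": {"Days": 30}}),
]

def disabled_expiration(event):
    """Return triage context when an expiration rule is disabled, else None."""
    if event.get("eventName") != "PutBucketLifecycle":
        return None
    params = event.get("requestParameters") or {}
    cfg = params.get("LifecycleConfiguration") or {}
    rules = cfg.get("Rule") or []
    for rule in rules if isinstance(rules, list) else [rules]:
        # Status is read per rule, falling back to the configuration-level path.
        status = rule.get("Status", cfg.get("Status"))
        if status == "Disabled" and "Days" in (rule.get("Expiration") or {}):
            identity = event.get("userIdentity") or {}
            issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
            return {
                "bucket": params.get("bucketName"),
                "user": issuer.get("userName"),
                "account": identity.get("accountId"),
            }
    return None

def scan(events):
    return [hit for hit in map(disabled_expiration, events) if hit]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

The returned dictionary carries the bucket, user name and account ID that the triage steps ask about.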
Triage & Response
- Determine if {{@evt.name}} should have occurred on the {{@requestParameters.bucketName}} by username: {{@userIdentity.sessionContext.sessionIssuer.userName}}, accountId: {{@userIdentity.accountId}} of type: {{@userIdentity.assumed_role}}.
- If the {{@requestParameters.bucketName}} should not be disabled, escalate to engineering so they can re-enable it.