An AWS S3 bucket lifecycle expiration policy was set to disabled

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Goal

Detect if an AWS S3 lifecycle expiration policy is set to disabled in your CloudTrail logs.

Strategy

Check if @requestParameters.LifecycleConfiguration.Rule.Expiration.Days, @requestParameters.LifecycleConfiguration.Status:Disabled and @evt.name:PutBucketLifecycle fields are present in your S3 Lifecycle configuration log. If these fields are present together, a bucket’s lifecycle configuration has been turned off.

Triage & Response

  1. Determine if {{@evt.name}} should have occurred on the {{@requestParameters.bucketName}} by username: {{@userIdentity.sessionContext.sessionIssuer.userName}}, accountId: {{@userIdentity.accountId}} of type: {{@userIdentity.assumed_role}}.
  2. If the {{@requestParameters.bucketName}} should not be disabled, escalate to engineering so they can re-enable it.