AWS IAM user disabled S3 Block Public Access
Incident Management is now generally available! Incident Management is now generally available!
<  Back to rules search

AWS IAM user disabled S3 Block Public Access

guardduty

Classification:

compliance

Overview

Goal

Detect when an AWS IAM user disables S3 Block Public Access

Strategy

This rule lets you monitor this GuardDuty integration finding:

Triage & Response

  1. Determine which user triggered the signal. This can be found in the signal.
  2. Contact the user and determine why the user disabled the S3 Block Access feature.
  3. Re-enable S3 Block Public Access.