AWS IAM User Disabled S3 Block Public Access
Security Monitoring is now available Security Monitoring is now available
<  Back to rules search

AWS IAM User Disabled S3 Block Public Access

guardduty

Classification:

compliance

Set up the guardduty integration.

Overview

Goal

Detect when an AWS IAM user disables S3 Block Public Access

Strategy

This rule lets you monitor this GuardDuty integration finding:

Triage & Response

  1. Determine which user triggered the signal. This can be found in the signal.
  2. Contact the user and determine why the user disabled the S3 Block Access feature.
  3. Re-enable S3 Block Public Access.