File tree Expand file tree Collapse file tree 1 file changed +9
-5
lines changed Original file line number Diff line number Diff line change @@ -18,30 +18,34 @@ Query:
1818 t.account_id,
1919 t.tags,
2020 t._ctx,
21+ t.platform_account_id,
22+ t.platform_resource_id,
2123 COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AllUsers') AS all_user_grants,
2224 COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AuthenticatedUsers') AS auth_user_grants,
2325 COUNT(s) FILTER (WHERE s ->> 'Effect' = 'Allow' AND p = '*') AS anon_statements
2426 FROM
2527 aws_cloudtrail_trail AS t
2628 LEFT JOIN aws_s3_bucket AS b ON t.s3_bucket_name = b.name
2729 LEFT JOIN jsonb_array_elements(acl -> 'Grants') AS acl_grant ON TRUE
28- LEFT JOIN jsonb_array_elements(policy_std -> 'Statement') AS s ON TRUE
30+ LEFT JOIN jsonb_array_elements(policy_std -> 'Statement') AS s ON TRUE
2931 LEFT JOIN jsonb_array_elements_text(s -> 'Principal' -> 'AWS') AS p ON TRUE
3032 GROUP BY
3133 t.s3_bucket_name,
3234 b.arn,
3335 t.region,
3436 t.account_id,
3537 t.tags,
36- t._ctx
38+ t._ctx,
39+ t.platform_account_id,
40+ t.platform_resource_id
3741 )
3842 SELECT
3943 CASE
4044 WHEN arn IS NULL THEN 'arn:aws:s3::' || name
4145 ELSE arn
4246 END AS resource,
43- t.platform_account_id AS platform_account_id,
44- t.platform_resource_id AS platform_resource_id,
47+ platform_account_id,
48+ platform_resource_id,
4549 CASE
4650 WHEN arn IS NULL THEN 'skip'
4751 WHEN all_user_grants > 0 THEN 'alarm'
6064 public_bucket_data;
6165Severity : low
6266Tags : {}
63- Title : 2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
67+ Title : 2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
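Review bot: The three aggregates in the CTE (all_user_grants, auth_user_grants, anon_statements) are computed over the cross product of the three LEFT JOINed jsonb arrays (acl_grant × s × p), so every ACL grant is counted once per statement/principal pair and every anonymous statement once per grant; this is harmless for the `> 0` tests visible in the outer CASE but the values are not usable as "N public grants" figures, and a comment above the aggregates such as `-- counts are inflated by the grant x statement x principal join; only compare them with > 0` would stop the next maintainer from surfacing them in a reason column. A control-level caveat worth stating in the Title/description: the query never consults the bucket's Block Public Access settings (aws_s3_bucket appears to expose them as `block_public_acls`, `ignore_public_acls`, `block_public_policy`, `restrict_public_buckets` — confirm against the schema in use), so a bucket whose AllUsers grant or `Principal: *` policy is neutralised by account- or bucket-level BPA is still reported as alarm; conservative, but it should be documented as a known false-positive source. Likewise anon_statements counts any Allow statement with principal `*` regardless of a Condition block, which is the conservative CIS reading and deserves a one-line `-- Condition is deliberately ignored: treated as public` note. The CTE header and the tail of the outer CASE lie outside the hunk.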
0 commit comments