Control: Ensure a log metric filter and alarm exist for S3 bucket policy changes
Description
You can monitor API calls in real time by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm for changes to S3 bucket policies. Monitoring these changes might reduce the time to detect and correct permissive policies on sensitive S3 buckets.
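The metric filter described above, as an added example that is not part of this page or the aws_compliance mod: it builds a filter pattern and evaluates the same predicate locally over sample CloudTrail records. The event names are assumed to follow the CIS AWS Foundations Benchmark pattern for this control, and the log lines and bucket name are constructed.

```python
import json

# Event names assumed from the CIS AWS Foundations Benchmark filter
# pattern for S3 bucket policy changes (not listed on this page).
EVENT_NAMES = (
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors",
    "PutBucketLifecycle", "PutBucketReplication",
    "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
)

def filter_pattern():
    """Build the CloudWatch Logs metric filter pattern string."""
    names = " || ".join(f"($.eventName = {n})" for n in EVENT_NAMES)
    return f"{{ ($.eventSource = s3.amazonaws.com) && ({names}) }}"

def matches(event):
    """Apply the same predicate to one parsed CloudTrail record."""
    return (event.get("eventSource") == "s3.amazonaws.com"
            and event.get("eventName") in EVENT_NAMES)

def matching_events(log_lines):
    """Return (eventName, bucketName) for each record the filter would count."""
    hits = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON lines never match a JSON filter pattern
        if isinstance(event, dict) and matches(event):
            params = event.get("requestParameters") or {}  # may be null
            hits.append((event["eventName"], params.get("bucketName")))
    return hits

# Constructed sample records, not real CloudTrail data.
SAMPLE_LINES = [
    '{"eventSource":"s3.amazonaws.com","eventName":"PutBucketPolicy",'
    '"requestParameters":{"bucketName":"example-bucket"}}',
    '{"eventSource":"s3.amazonaws.com","eventName":"GetBucketPolicy",'
    '"requestParameters":{"bucketName":"example-bucket"}}',
    '{"eventSource":"iam.amazonaws.com","eventName":"PutRolePolicy",'
    '"requestParameters":null}',
    'not a JSON record',
    '{"eventSource":"s3.amazonaws.com","eventName":"DeleteBucketPolicy",'
    '"requestParameters":{"bucketName":"example-bucket"}}',
]

if __name__ == "__main__":
    print(filter_pattern())
    for name, bucket in matching_events(SAMPLE_LINES):
        print(f"ALERT candidate: {name} on {bucket}")
```

An alarm on the resulting metric with a threshold of one occurrence per period would fire on either of the two matching sample records.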
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.log_metric_filter_bucket_policy
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.log_metric_filter_bucket_policy --share
SQL
This control uses a named query:
log_metric_filter_bucket_policy