Hands-on Challenge Day - AWS Security Investigation with CloudTrail
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
Imagine SecureCorp Inc., a cybersecurity company that provides cloud-based security solutions. They have a complex AWS infrastructure with multiple services running. Recently, they noticed an unexpected change in their S3 bucket policy, which has led to unauthorized access to sensitive data. The security team needs to identify who made the change, when it was made, and what exactly was changed to address the vulnerability and prevent future occurrences.
Problem Statement: Unauthorized changes in AWS resources can lead to security vulnerabilities, data breaches, and compliance issues. SecureCorp Inc. needs to quickly investigate the unauthorized S3 bucket policy change.
Your Mission: Utilize AWS CloudTrail to investigate the unauthorized S3 bucket policy change. Identify the user who made the change, the time of the change, and what was altered. Then, demonstrate steps to remediate the issue and prevent similar incidents.