I am trying to create an AWS CloudWatch event which will trigger an email whenever an S3 bucket is created or modified to allow public access.
I have created the CloudTrail, log stream and am tracking all the S3 event logs. When I am trying to create a custom event by giving the pattern to detect S3 buckets with public access, I am not able to fetch any response, or the event doesn't get triggered even if I create a bucket with public access. Can you help me out with the custom pattern for the same?
I have tried giving GetPublicAccessBlock, PutPublicAccessBlock etc. in the event type but no luck. Please suggest accordingly.
You need to do the following in order to receive a notification.
Note: this only works if you are turning off for an existing bucket (not for a new bucket).
The reason being, when we create a bucket with public access, there are only two events generated, which are CreateBucket and PutBucketEncryption, and they don't seem to have information regarding public access being turned on. However, if we create a bucket with no public access, then it generates an additional PutBucketPublicAccessBlock event along with CreateBucket and PutBucketEncryption.
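The following is an added example, not code from the thread: it reproduces the EventBridge-style exact-match pattern for the PutBucketPublicAccessBlock CloudTrail event that the answer points to, and reports which of the four block settings the call switched off, so that a CreateBucket record (which carries no such field) yields nothing. The envelope layout, the requestParameters field names and the bucket name are assumptions constructed for the sample.

```python
import json

# EventBridge-style pattern: each leaf is a list of accepted values (exact match).
PUBLIC_ACCESS_RULE = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"],
               "eventName": ["PutBucketPublicAccessBlock"]},
}
# The four settings carried by PutBucketPublicAccessBlock (assumed field names).
BLOCK_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")

def matches(pattern, event):
    """Exact-match subset of EventBridge semantics: every pattern key must exist
    in the event; a list leaf matches one of its members; a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True

def disabled_blocks(event):
    """Settings this call turned off; [] if not a PutBucketPublicAccessBlock call."""
    if not matches(PUBLIC_ACCESS_RULE, event):
        return []
    params = event["detail"].get("requestParameters", {})
    cfg = params.get("PublicAccessBlockConfiguration", {})
    return [s for s in BLOCK_SETTINGS if cfg.get(s) is False]

# Constructed sample: EventBridge envelope around a CloudTrail record for a
# PutBucketPublicAccessBlock call that switches every protection off.
SAMPLE_EVENT = json.loads("""{
  "source": "aws.s3", "detail-type": "AWS API Call via CloudTrail",
  "detail": {
    "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPublicAccessBlock",
    "requestParameters": {
      "bucketName": "example-bucket",
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": false,
        "IgnorePublicAcls": false, "BlockPublicPolicy": false,
        "RestrictPublicBuckets": false}}}}""")

if __name__ == "__main__":
    print(disabled_blocks(SAMPLE_EVENT))  # prints all four setting names
```

A non-empty result is the condition on which a Lambda or SNS target would send the email; a CreateBucket record never produces one, which is the limitation the answer describes.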