Copyright © IDS Corporation. All rights reserved.
Logging – configuration example –
Storing the CloudTrail audit trail in S3
• S3 bucket policy settings
{
  "Sid": "ReadOnly",
  "Effect": "Deny",
  "Principal": {
    "AWS": "*"
  },
  "Action": "s3:DeleteObject",
  "Resource": "arn:aws:s3:::aws-cloudtrail-logs-123456789012-6cbd7c96/*"
},
{
  "Sid": "ReadOnly2",
  "Effect": "Deny",
  "Principal": {
    "AWS": "arn:aws:iam::123456789012:user/test"
  },
  "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::aws-cloudtrail-logs-123456789012-6cbd7c96/*"
}
Statement "ReadOnly": object deletion is denied for all principals.
Statement "ReadOnly2": the user "test" is denied writing (PutObject) to the log objects.
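The two Deny statements on the slide are fragments of a larger bucket policy. The following added example (not part of the original slide or of IDS Corporation's material) wraps them in a complete policy document together with the two standard Allow statements CloudTrail needs in order to write to the bucket, and then runs a deliberately simplified explicit-deny check over a few constructed requests. The bucket name and account ID are the ones on the slide; the caller ARNs (user/admin), the object key and the simplified evaluator itself are assumptions made for the example. Real IAM evaluation also takes identity policies, SCPs, conditions and NotPrincipal/NotAction into account, none of which is modelled here. The last function shows the gap a practitioner should check for: the slide's Deny covers s3:DeleteObject only, so versioned deletes, deleting the bucket, and rewriting the bucket policy itself are not blocked by it.

```python
import fnmatch
import json

# Values taken from the slide.
BUCKET = "aws-cloudtrail-logs-123456789012-6cbd7c96"
ACCOUNT = "123456789012"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
TEST_USER = f"arn:aws:iam::{ACCOUNT}:user/test"

# Constructed for this example (not from the slide): an admin caller and one log object key.
ADMIN = f"arn:aws:iam::{ACCOUNT}:user/admin"
OBJECT_ARN = f"{BUCKET_ARN}/AWSLogs/{ACCOUNT}/CloudTrail/ap-northeast-1/example.json.gz"

# Complete policy: the two standard CloudTrail service statements plus the slide's two Denies.
CLOUDTRAIL_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": BUCKET_ARN,
        },
        {
            "Sid": "AWSCloudTrailWrite",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/AWSLogs/{ACCOUNT}/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        },
        {   # Slide statement 1: nobody may delete log objects.
            "Sid": "ReadOnly",
            "Effect": "Deny",
            "Principal": {"AWS": "*"},
            "Action": "s3:DeleteObject",
            "Resource": f"{BUCKET_ARN}/*",
        },
        {   # Slide statement 2: the user "test" may not write log objects.
            "Sid": "ReadOnly2",
            "Effect": "Deny",
            "Principal": {"AWS": TEST_USER},
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/*",
        },
    ],
}


def policy_json() -> str:
    """Serialise the policy, e.g. for `aws s3api put-bucket-policy --policy file://policy.json`."""
    return json.dumps(CLOUDTRAIL_BUCKET_POLICY, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, caller_arn: str) -> bool:
    """Simplified Principal match: "*" or an exact AWS/Service ARN (no conditions, no NotPrincipal)."""
    if principal == "*":
        return True
    for key in ("AWS", "Service"):
        if any(p in ("*", caller_arn) for p in _as_list(principal.get(key, []))):
            return True
    return False


def explicit_denies(policy, caller_arn: str, action: str, resource_arn: str) -> list:
    """Return the Sids of Deny statements matching the request. An explicit deny always wins,
    so a non-empty result means the request is refused regardless of any Allow."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or not _principal_matches(stmt["Principal"], caller_arn):
            continue
        # IAM wildcards (* and ?) map directly onto fnmatch's case-sensitive matching.
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        hits.append(stmt["Sid"])
    return hits


# Destructive actions a log bucket policy should be checked against, with the resource each targets.
DESTRUCTIVE_ACTIONS = {
    "s3:DeleteObject": OBJECT_ARN,
    "s3:DeleteObjectVersion": OBJECT_ARN,  # not covered by a Deny on s3:DeleteObject
    "s3:DeleteBucket": BUCKET_ARN,         # bucket ARN, so the "/*" resource never matches
    "s3:PutBucketPolicy": BUCKET_ARN,      # whoever can rewrite the policy can remove the Deny
}


def unprotected_actions(policy, caller_arn: str) -> list:
    """Destructive actions that no Deny statement in the policy blocks for this caller."""
    return sorted(a for a, res in DESTRUCTIVE_ACTIONS.items()
                  if not explicit_denies(policy, caller_arn, a, res))


if __name__ == "__main__":
    print(policy_json())
    for who, action, res in [(ADMIN, "s3:DeleteObject", OBJECT_ARN),
                             (TEST_USER, "s3:PutObject", OBJECT_ARN),
                             (ADMIN, "s3:PutObject", OBJECT_ARN)]:
        print(f"{who} {action}: denied by {explicit_denies(CLOUDTRAIL_BUCKET_POLICY, who, action, res) or 'nothing'}")
    print("still unprotected for admin:", unprotected_actions(CLOUDTRAIL_BUCKET_POLICY, ADMIN))
```

The gap list is the practical takeaway: a Deny on s3:DeleteObject alone leaves versioned deletes, bucket deletion and policy changes open to any principal whose identity policy allows them, so on a real log bucket those actions need their own Deny statements (or S3 Object Lock, which the bucket policy cannot be edited around) in addition to the slide's two.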