Video: Unencrypted S3 Buckets Containing CloudTrail Logs

January 21, 2021
by
Akash Ganapathi

This is one in a series of short, simple J1 queries that will help you interrogate your AWS environments. The JupiterOne platform used to run these queries is free.

In this J1 Query example, we'll check to see if AWS CloudTrail logging is happening in buckets that are unencrypted.

Cut-and-Paste Query

Here's the query you can use to cut-and-paste into your J1 instance. Watch JupiterOne technical expert, Akash Ganapathi, walk through the example query and then display the results in real time. If you find this useful, give us some contact info at the bottom of this page and we'll send you twice a month updates as we continue to explore various environments with JupiterOne. You'll also receive a personal invitation to a hands-on J1 Query Workshop in March.

FIND aws_s3_bucket WITH encrypted!=true
  THAT (LOGS|ALLOWS) aws_cloudtrail

 

 

Contribute your J1 Query to the Community

We will frequently be adding cut-and-paste J1 queries to our gallery. Join the community and every two weeks we'll send you a list of new queries. You can contribute your own queries for inclusion and examination in an upcoming article. Use the form below to join us.

Akash Ganapathi
Akash Ganapathi

Akash Ganapathi comes from an enterprise security, data privacy, and data analysis background, working exclusively in the B2B software solutions space throughout his career. He is currently a Principal Security Solutions Architect at JupiterOne.

More blog posts by
Akash Ganapathi

SUBSCRIBE TO OUR NEWSLETTER

Stay up-to-date on emerging threats and security news

  • Checkmark
    Day-zero vulnerabilities & solutions
  • Checkmark
    Best practices for asset management
  • Checkmark
    Streamlining compliance and audit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Keep Reading

What’s New in Kubernetes Security: More CIS Rules, Smarter Detection, and Expanded Coverage | JupiterOne
June 13, 2025
Blog
What’s New in Kubernetes Security: More CIS Rules, Smarter Detection, and Expanded Coverage

New Kubernetes Rule Pack covers more CIS controls for Namespace and Secrets Management

Level Up Kubernetes Security with Our New Rule Pack Built on the CIS Benchmark | JupiterOne
June 3, 2025
Blog
Level Up Kubernetes Security with Our New Rule Pack Built on the CIS Benchmark

New Kubernetes Rule Pack covers 26 CIS controls for RBAC & Pod Security

Stop Stitching User Data Together. Get a Unified Identity Instead | JupiterOne
May 15, 2025
Blog
Stop Stitching User Data Together. Get a Unified Identity Instead.

Legacy IAM falls short. Identity first security uses continuous, contextual access controls to protect a decentralized world—far beyond the old perimeter.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.