Video: Unencrypted S3 Buckets Containing CloudTrail Logs

January 21, 2021
by
Akash Ganapathi

This is one in a series of short, simple J1 queries that will help you interrogate your AWS environments. The JupiterOne platform used to run these queries is free.

In this J1 Query example, we'll check to see if AWS CloudTrail logging is happening in buckets that are unencrypted.

Cut-and-Paste Query

Here's the query you can use to cut-and-paste into your J1 instance. Watch JupiterOne technical expert, Akash Ganapathi, walk through the example query and then display the results in real time. If you find this useful, give us some contact info at the bottom of this page and we'll send you twice a month updates as we continue to explore various environments with JupiterOne. You'll also receive a personal invitation to a hands-on J1 Query Workshop in March.

FIND aws_s3_bucket WITH encrypted!=true
  THAT (LOGS|ALLOWS) aws_cloudtrail

 

 

Contribute your J1 Query to the Community

We will frequently be adding cut-and-paste J1 queries to our gallery. Join the community and every two weeks we'll send you a list of new queries. You can contribute your own queries for inclusion and examination in an upcoming article. Use the form below to join us.

Akash Ganapathi
Akash Ganapathi

Akash Ganapathi comes from an enterprise security, data privacy, and data analysis background, working exclusively in the B2B software solutions space throughout his career. He is currently a Principal Security Solutions Architect at JupiterOne.

More blog posts by
Akash Ganapathi

SUBSCRIBE TO OUR NEWSLETTER

Stay up-to-date on emerging threats and security news

  • Checkmark
    Day-zero vulnerabilities & solutions
  • Checkmark
    Best practices for asset management
  • Checkmark
    Streamlining compliance and audit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Keep Reading

JupiterOne Blog | Project Glasswing Proves That "Just Patch the Criticals" Is Dead. Here's What Comes Next.
April 8, 2026
Blog
Project Glasswing Proves That "Just Patch the Criticals" Is Dead. Here's What Comes Next.

Anthropic's Project Glasswing has shown that AI can now chain together vulnerabilities and exploit software faster than almost any human. That changes everything.

AI is Everywhere in Security. Accuracy Requires a Knowledge Graph| JupiterOne
March 30, 2026
Blog
AI is Everywhere at RSAC. Accuracy is Not.

Learn what RSAC 2026 reveals about the AI accuracy gap in security — and why agentic platforms without a knowledge graph add risk faster than they reduce it.

When the Control Plane Becomes the Battlefield: Lessons from the Stryker Incident | JupiterOne
March 17, 2026
Blog
When the Control Plane Becomes the Battlefield: Lessons from the Stryker Incident

Cyberattack reveals control-plane risk and how graph-native visibility helps security teams map attack paths and blast radius before an incident strikes.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.