If you have data events enabled for your S3 bucket, CloudTrail will log every access to that bucket along with the identity of the principal used to access it. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/l...
Right, and in my example it would be the principal of the service account, not the compromised AWS account.
If you ran a CloudTrail query that's essentially "Did Alice access user data in S3 ever?" the answer would be "No".
So that brings us back to the question: what is meant by "trust CloudTrail"?
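To make the attribution gap in the thread concrete, here is an added example (not from either commenter): a few constructed CloudTrail-style S3 data-event records in which the IAM user `alice` never touches the bucket directly, while an application role (assumed names `app-service-role`, `user-data-bucket`, account id `111122223333` are all made up) reads her data. The naive "did Alice ever access the bucket?" query comes back empty; the wider query that lists every principal that touched the bucket is what surfaces the service role.

```python
import json
from collections import Counter

# Constructed CloudTrail-like log file (same {"Records": [...]} envelope as real
# CloudTrail delivery files, but every value here is made up for the example).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-service-role/app-worker-17",
                      "sessionContext": {"sessionIssuer": {"userName": "app-service-role"}}},
     "requestParameters": {"bucketName": "user-data-bucket",
                           "key": "users/alice/profile.json"}},
]})


def load_records(text):
    """Parse a CloudTrail delivery file and return its list of event records."""
    return json.loads(text)["Records"]


def principal_name(event):
    """Friendly name of the principal CloudTrail recorded for this event.
    For IAM users that is userName; for assumed roles it is the role the
    session was issued from, which is all the S3 data event tells you."""
    ident = event["userIdentity"]
    if ident.get("type") == "IAMUser":
        return ident["userName"]
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("userName", ident.get("arn", "unknown"))


def s3_data_events(records, bucket):
    """Only S3 data events (GetObject/PutObject/...) against the given bucket."""
    return [r for r in records
            if r["eventSource"] == "s3.amazonaws.com"
            and r.get("requestParameters", {}).get("bucketName") == bucket]


def did_principal_access(records, bucket, principal):
    """The naive question from the thread: matches only the recorded principal."""
    return any(principal_name(r) == principal for r in s3_data_events(records, bucket))


def principals_touching(records, bucket):
    """Defender's wider query: every principal seen on the bucket, with counts,
    so roles acting on behalf of users become visible and can be investigated."""
    return Counter(principal_name(r) for r in s3_data_events(records, bucket))
```

Run on the sample, `did_principal_access(records, "user-data-bucket", "alice")` is False while `principals_touching` reports only `app-service-role`, which is exactly why the direct user query answers "No".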