AWS Storage Analyzer

Analyzer Name: AWS Storage

The user can navigate to Storage Analyzer either by clicking the “Jump To Analyzer” button in the “Storage Analyzer” card from the Analyzer catalog or the Storage Analyzer button below the search bar on the home page. Storage Analyzer uncovers unintended access, exposure visibility to critical resources, and the type of content stored in various cloud storage such as S3 via continuous monitoring and analysis of highly interconnected storage object topology, Identities, Policies, Roles, and Resources and notifies relevant ITOps personnel for further exploration and drill down via easily searchable and navigable views.

Purpose

The AWS Storage Analyzer provides comprehensive analysis of cloud storage configurations and usage, focusing on AWS S3 buckets. It offers insights into bucket usage, access patterns, compliance with security policies, and operational efficiency. This analyzer is crucial for IT Ops and Sec Ops engineers to ensure storage security, compliance, and optimize resource utilization. It helps in identifying misconfigured access permissions, inefficient storage practices, and potential security vulnerabilities.

List of Sightlines and Widgets

Sightline: All Buckets

• All Buckets

• Empty Buckets

• Avg Bucket Size

• Total Data

• Top 5 Buckets By Size

• ${dimension} Distribution

• Top 10 Most Accessed Buckets

• Bucket Size Trend

Sightline: Public Buckets

• All Public Buckets

• Buckets Whose Objects Can Be Public

• S3 Grants by Permission Type

Sightline: Buckets hosting static sites

• Buckets hosting static sites

• Top 5 Buckets by size in hosting static sites

Sightline: Bucket Versioning

• Buckets with Versioning

• Buckets Without Versioning

• S3 Versioning Status

Sightline: Buckets with Embedded Policy

• Buckets with Embedded Policy

• Buckets Without Embedded Policy

• Policies with Full Access

• Policies with Partial Access

• Allow vs Deny Distribution of Embedded Policies for Buckets

Sightline: Buckets with IAM Policy

• Buckets with IAM Policy

• Policies with Full Access

• Policies with Partial Access

• Allow vs Deny Distribution of IAM Policies for Buckets

Sightline: Buckets with Tags

• Tags On S3

• S3 Buckets Without Tags

• Buckets Per Tag

• Empty Buckets Per Tag

Sightline: User Access for Buckets

• Users with Direct S3 Access

• Users with S3 Access

• Latest S3 Access Events for a User

• Top 10 Users Who Access Buckets

• Access Events for Each User

• User Impact Analysis

Sightline: Group Access for Buckets

• Groups with Direct S3 Access

• Empty Groups with Direct Access to S3

Sightline: Role Access for Buckets

• Roles with Direct S3 Access

• Roles That Allow Federated Users Direct Access to S3

• Unused Roles Which Have Access to S3

• Latest S3 Access Events for a Role

Sightline: Bucket Access Analysis

• Denied Accesses

• Allowed Accesses

• Never Accessed Buckets

• Access to all S3 buckets time series

• Access Events Trend

• Bucket Last Accessed Distribution

• Buckets Not Accessed for a Week

• Last Time Buckets Were Accessed

• Bucket Access by Service Accounts Trend

Sightline: Bucket Anonymous Access Analysis

• Allowed Anonymous Accesses

• Denied Anonymous Accesses

• Access Kind Trend

Sightline: Service Access for Buckets

• EC2 insts with S3 access

• EC2 Insts with List Buckets Permission

• EC2 Insts That Expose S3 Buckets to the Public

• Users That Have Access to S3 Through EC2 Instances

• S3 Action Distribution

Sightline: Bucket Encryption Analysis

• Buckets with Encryption

• Buckets Without Encryption

• Distribution of SSE Algorithms

Sightline: Objects

• Avg Object Size

• Number of objects read and written in the last N days

• Object Count Trend

Sightline: Tags

• Tags for Bucket

• Tags Shared with Other Buckets

Sightline: Policies

• Inline Policies for Bucket

• IAM Policies for Bucket

• Distribution of Inline Access

• Distribution of IAM Access

Sightline: Access Analysis

• Top 10 Users Who Frequently Access This Bucket

Sightline: Buckets with CloudFront CDN

• Buckets Which Host Static Content for CloudFront CDN

• Enabled Status of CloudFront for Buckets

Sightline: Buckets Logging Analysis

• Buckets Used for CloudTrail Logging

• Buckets with Server Access Logging

• Buckets Without Server Access Logging

• S3 Versioning Status

Sightline: Bucket Access

• Buckets Accessible Through IAM Policy

• Buckets Accessible by User by ${dimension}

Sightline: Access Events for S3 Objects

• Latest Access Events for S3 Objects

Sightline: Buckets with Replication

• Buckets with Replication Enabled

• S3 Replication Rule Status

Sightline: User Access Policies for Buckets

• Users with Partial Access Through Inline Policy

• Users with Full Access Through Inline Policy

• Users with Partial Access Through IAM Policy

• Users with Full Access Through IAM Policy

• Count of Users with Access to S3 by Access Type

Sightline: Objects Within Buckets

• Avg Object Size

• Objects Read Write Trend

• Object Count Trend

Sightline: Buckets with Public Access

• Buckets with Public Access Block

• Buckets Without Public Access Block

• Buckets with and Without Public Access Block