Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/tailpipe-mod-aws-s3-server-access-log-detections
Overview
3Dashboards
6Benchmarks
21Queries
1Variables
GitHub

Dashboard: S3 Server Access Log Activity Dashboard

This dashboard answers the following questions:

  • How many total S3 requests were recorded?
  • How many requests were successful, redirected, or resulted in client/server errors?
  • How have S3 requests trended daily?
  • Which S3 buckets received the most requests?
  • What are the most common HTTP status code categories observed?
  • What are the top 10 most requested URLs?
  • What are the top 10 operations performed on S3?
  • What are the top 10 error codes returned by S3?
  • Who are the top 10 requesters interacting with S3?
  • What are the top 10 source IPs making requests?
  • What are the top 10 successful URLs accessed?
  • What are the top 10 URLs that resulted in errors?
This dashboard contains 5 cards.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-aws-s3-server-access-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select S3 Server Access Log Activity Dashboard dashboard.

You could also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe dashboard run aws_s3_server_access_log_detections.dashboard.activity_dashboard --share

Queries

This dashboard uses the the following queries:
select
  count(*) as "Client Errors (4xx)"
from
  aws_s3_server_access_log
where
  http_status between 400 and 499;

Tags

category = Detections
folder = S3
plugin = aws
service = AWS/S3
type = Dashboard