AWS S3 bucket lifecycle disabled

ID: aws_s3_bucket_lifecycle_disabled
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0005:T1562

Description

AlphaSOC detected that an Amazon Simple Storage Service (S3) bucket lifecycle policy was disabled or deleted. S3 lifecycle policies automate object transitions between storage classes and manage object expiration to optimize costs and enforce data retention requirements. Disabling these policies can disrupt automated data management workflows and may indicate attempts to prevent proper data lifecycle management.

Impact

Disabling S3 lifecycle policies prevents automated data management, potentially resulting in increased storage costs and manual management overhead. Organizations may face regulatory compliance challenges if data retention requirements are not properly enforced. The accumulation of outdated or unnecessary data can also complicate data governance efforts and may disrupt business processes that depend on automated archival or deletion workflows.

Severity

Severity: Low
Condition: AWS S3 bucket lifecycle disabled

Investigation and Remediation

Review AWS CloudTrail logs to identify when and by whom the lifecycle policy was disabled or deleted. Determine whether the change was authorized and evaluate the impact on data retention and compliance requirements. If unauthorized, restore the appropriate lifecycle configuration. Consider strengthening IAM policies to limit who can modify lifecycle configurations, and implementing CloudWatch alerts to monitor future lifecycle policy changes.
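
The CloudTrail review described above can be scripted over exported events. The following is an added example, not AlphaSOC's detection logic: it assumes the S3 operations are recorded under the event names `PutBucketLifecycle` and `DeleteBucketLifecycle`, and the `requestParameters` layout, sample records, and function names are constructed for illustration.

```python
# Constructed sample records, trimmed to the fields used below (not real log data).
# The requestParameters.LifecycleConfiguration layout is an assumption of this example.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:02:11Z", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"bucketName": "example-logs",
         "LifecycleConfiguration": {"Rule": {"ID": "expire-90d", "Status": "Enabled"}}}},
    {"eventTime": "2024-05-01T10:15:40Z", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "203.0.113.20", "requestParameters": {"bucketName": "example-logs",
         "LifecycleConfiguration": {"Rule": [{"ID": "expire-90d", "Status": "Disabled"},
                                             {"ID": "to-glacier", "Status": "Enabled"}]}}},
    {"eventTime": "2024-05-02T08:30:00Z", "eventName": "DeleteBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/session1"},
     "sourceIPAddress": "203.0.113.20",
     "requestParameters": {"bucketName": "example-archive"}},
    {"eventTime": "2024-05-02T09:00:00Z", "eventName": "DeleteBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "sourceIPAddress": "198.51.100.9", "errorCode": "AccessDenied",
     "requestParameters": {"bucketName": "example-archive"}},
]

def disabled_rules(params):
    """Return IDs of rules with Status 'Disabled' in a PutBucketLifecycle request."""
    rules = ((params or {}).get("LifecycleConfiguration") or {}).get("Rule") or []
    if isinstance(rules, dict):  # a single rule may appear as an object, not a list
        rules = [rules]
    return [r.get("ID", "<no-id>") for r in rules if r.get("Status") == "Disabled"]

def lifecycle_changes(events):
    """Summarize successful calls that deleted or disabled lifecycle rules, oldest first."""
    findings = []
    for ev in sorted(events, key=lambda e: e.get("eventTime", "")):
        if ev.get("errorCode"):  # failed calls changed nothing; triage them separately
            continue
        params = ev.get("requestParameters") or {}
        if ev.get("eventName") == "DeleteBucketLifecycle":
            action, rules = "deleted", []
        elif ev.get("eventName") == "PutBucketLifecycle" and disabled_rules(params):
            action, rules = "disabled", disabled_rules(params)
        else:
            continue
        findings.append({"when": ev.get("eventTime"), "action": action, "rules": rules,
                         "who": (ev.get("userIdentity") or {}).get("arn"),
                         "source_ip": ev.get("sourceIPAddress"), "bucket": params.get("bucketName")})
    return findings

if __name__ == "__main__":
    print(*lifecycle_changes(SAMPLE_EVENTS), sep="\n")
```

Each finding gives the time, caller ARN, source IP, and bucket needed to decide whether the change was authorized; denied attempts are skipped here because they left the configuration unchanged.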