Certified Security - Specialty


Can the digest files be deleted?

What protection mechanisms exist by default for the digest files?

1 Answer

By default, there are no built-in protections for the digest files. You can, however, prevent deletion with IAM and bucket policies. It's best practice to deliver CloudTrail logs to a bucket that only trusted individuals have read access to. I would say only CloudTrail needs write access, so it can be, and should be, locked down.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html

Vinayak Raghuvamshi

Thanks for the response. The reason I asked is because both the logs as well as the digest are going to the same bucket. So if someone can mess with the logs, then they can also mess with the digest, and if we are able to lock down the digest, then the logs should also be automatically protected. Unless I am missing something.
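
As an added example (not part of the thread, and not AWS's own code), the sketch below builds a bucket policy in which CloudTrail is the only writer and deletes are explicitly denied, then checks that the deny covers both the log prefix and the digest prefix, since both live in the same bucket. The bucket name, account ID, the unconditional deny for every principal, and the helper names `build_policy` and `unprotected_prefixes` are assumptions made for illustration.

```python
import fnmatch

# Constructed placeholders: bucket name and account ID are not from the thread.
BUCKET, ACCOUNT = "example-cloudtrail-logs", "111122223333"
ARN = f"arn:aws:s3:::{BUCKET}"
# Key prefixes CloudTrail uses for log files and for digest files.
PREFIXES = {"logs": f"AWSLogs/{ACCOUNT}/CloudTrail/",
            "digests": f"AWSLogs/{ACCOUNT}/CloudTrail-Digest/"}
DELETE_ACTIONS = {"s3:DeleteObject", "s3:DeleteObjectVersion"}
CLOUDTRAIL = {"Service": "cloudtrail.amazonaws.com"}


def build_policy(protected=("logs", "digests")):
    """CloudTrail is the only writer; deletes are denied under `protected`."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "CloudTrailAclCheck", "Effect": "Allow", "Principal": CLOUDTRAIL,
         "Action": "s3:GetBucketAcl", "Resource": ARN},
        {"Sid": "CloudTrailWrite", "Effect": "Allow", "Principal": CLOUDTRAIL,
         "Action": "s3:PutObject", "Resource": f"{ARN}/AWSLogs/{ACCOUNT}/*",
         "Condition": {"StringEquals":
                       {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*",
         "Action": sorted(DELETE_ACTIONS),
         "Resource": [f"{ARN}/{PREFIXES[p]}*" for p in protected]},
    ]}


def _matches(value, patterns):
    """IAM-style wildcard match of one value against a string or list."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def unprotected_prefixes(policy):
    """Names of prefixes where some delete action lacks an unconditional Deny."""
    gaps = []
    for name, prefix in PREFIXES.items():
        probe = f"{ARN}/{prefix}us-east-1/2024/01/01/sample.json.gz"  # constructed key
        denied = {a for st in policy["Statement"] for a in DELETE_ACTIONS
                  if st["Effect"] == "Deny" and st.get("Principal") == "*"
                  and "Condition" not in st
                  and _matches(probe, st["Resource"])
                  and _matches(a, st["Action"])}
        if denied != DELETE_ACTIONS:
            gaps.append(name)
    return gaps


if __name__ == "__main__":
    print(unprotected_prefixes(build_policy()))              # → []
    print(unprotected_prefixes(build_policy(("digests",))))  # → ['logs']
```

The check only looks at the bucket policy; IAM identity policies and S3 lifecycle rules on the same bucket need their own review.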
