This event detects the deletion of an S3 bucket in any AWS account.
Why this Event is Important
Unauthorized S3 bucket deletion can cause loss of data or sensitive information. For example, if an attacker gets access to an AWS account with user privileges to delete an S3 bucket, this could compromise the availability of data.
Ensure that only administrators have the ability to delete an S3 bucket. Validate if the S3 bucket was deleted by the authorized user. Check the user details for who deleted the S3 bucket. Search for anomalies such as logins from an unknown IP.
Check for valid business justification for S3 bucket deletion.