This event detects an S3 bucket ACL change.
Why this Event is Important
The AWS Access Control List (ACL) plays an important part in limiting the extent to which your S3 buckets are exposed. Unauthorized ACL modification can give attackers access to the interfaces of your S3 bucket instance.
Ensure that all changes to ACLs are audited and made only by authorized personnel. Look for rules allowing access to unknown IP addresses. Check for anomalies in ACL changes.
Revert all unnecessary NACL changes. Use a common template to make changes. Follow the principle of least privilege.