Back to All Scenarios
PASSEDcloud / aws_s3
S3 Bucket Policy Accidentally Made Public
An S3 bucket containing customer data was accidentally made public through a policy change. AWS Access Analyzer detected the exposure.
Pattern
AWS_CLOUD
Expected: S3_PUBLIC_BUCKET
Severity
HIGH
Confidence
68%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | S3_PUBLIC_BUCKET | AWS_CLOUD | |
| Severity Assessment | CRITICAL | HIGH | |
| Incident Correlation | N/A | None | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
AWS S3 bucket 'company-customer-data'. Bucket policy changed to allow s3:GetObject for principal '*'. Contains PII (customer records). Access Analyzer flagged as public.
Injected Error Messages (1)
S3 BUCKET PUBLIC — bucket 'company-customer-data' accessible to anonymous users, policy allows s3:GetObject for principal *, contains customer PII, Access Analyzer: PUBLIC, changed 30 minutes ago
Neural Engine Root Cause Analysis
AWS cloud infrastructure event detected — an EC2 instance may be unreachable or in a stopped state, an RDS database is experiencing issues, a load balancer has unhealthy targets, or a Lambda function is failing. AWS service disruptions can cascade across dependent resources and affect application availability.
Remediation Plan
1. Check the AWS Health Dashboard and Personal Health Dashboard for any active service events.
2. For EC2 issues, check instance status checks (system and instance), review CloudWatch metrics, and check VPC security group rules.
3. For RDS, verify database instance status, check storage and connection limits, and review slow query logs.
4. For ELB issues, check target group health checks and verify backend instances are responding.
5. For Lambda, review CloudWatch Logs for invocation errors and check IAM permissions and VPC connectivity.
Improvements Applied
- Pattern classified as AWS_CLOUD (expected S3_PUBLIC_BUCKET)
- Severity: HIGH (expected CRITICAL)
Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnoo5z001blig7g40pocs5