From cd8ea24c61dcc53e728c62890459329ca2d208c9 Mon Sep 17 00:00:00 2001
From: Araveti Esanya Reddy
Date: Wed, 11 Aug 2021 16:47:31 +0530
Subject: [PATCH] updated bucket policy
---
 atomics/T1562.008/T1562.008.yaml | 5 ++++-
 atomics/T1562.008/policy.json | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 atomics/T1562.008/policy.json
diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index a40bdb36..ccddbecf 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
@@ -15,7 +15,7 @@ atomic_tests:
 s3_bucket_name:
 description: Name of the bucket
 type: String
- default: "functionaltesttrail"
+ default: "redatomic-test"
 region:
 description: Name of the region
 type: String
@@ -25,6 +25,8 @@ atomic_tests:
 Check if ~/.aws/credentials file has a default stanza is configured
 prereq_command: |
 cat ~/.aws/credentials | grep "default"
+ aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region}
+ aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/policy.json
 get_prereq_command: |
 echo Please install the aws-cli and configure your AWS defult profile using: aws configure
 executor:
@@ -33,5 +35,6 @@ atomic_tests:
 aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region}
 aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region}
 aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}
+ aws s3 rb s3://#{s3_bucket_name} --force
 name: sh
 elevation_required: false
diff --git a/atomics/T1562.008/policy.json b/atomics/T1562.008/policy.json
new file mode 100644
index 00000000..ac55e733
--- /dev/null
+++ b/atomics/T1562.008/policy.json
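Review bot: The new `put-bucket-policy` line hardcodes `--bucket redatomic-test` while the line just above creates `#{s3_bucket_name}`, so a run with any other bucket name creates one bucket and attaches the policy to a different one; the same literal is fixed into both `Resource` ARNs of the new policy.json hunk. Change it to `aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://...` and render the ARNs in policy.json from the input (for example by substituting into a temp copy) so the `s3_bucket_name` argument stays meaningful. These two lines also sit in `prereq_command`, which the description presents as a check (`Check if ~/.aws/credentials file has a default stanza is configured`); creating a bucket and applying a policy inside the check has side effects on every run, and because bucket names are global `create-bucket` fails when the fixed name is already taken, and outside us-east-1 it additionally needs `--create-bucket-configuration LocationConstraint=#{region}`, so the check would fail instead of reporting a missing prerequisite. Consider moving the bucket setup into `get_prereq_command` and keeping `prereq_command` to an existence check such as `aws s3api head-bucket --bucket #{s3_bucket_name}`.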
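Review bot: `aws s3 rb s3://#{s3_bucket_name} --force` is appended to the executor command rather than to a cleanup step, so the test now irreversibly deletes the bucket and every object in it as part of the test action; if a user points `s3_bucket_name` (documented only as `Name of the bucket`) at an existing trail bucket, that wipes real log history rather than just stopping a trail. Keep the executor to the trail manipulation that T1562.008 covers and move the removal to a `cleanup_command`, guarded so it only removes the bucket the prerequisite step created, and add a sentence to the input description warning that the named bucket will be deleted. The `command:` block this hunk sits in starts before the hunk.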
@@ -0,0 +1,28 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AWSCloudTrailAclCheck20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:GetBucketAcl",
+ "Resource": "arn:aws:s3:::redatomic-test"
+ },
+ {
+ "Sid": "AWSCloudTrailWrite20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*",
+ "Condition": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ }
+ ]
+}
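Review bot: Both statements trust the `cloudtrail.amazonaws.com` service principal without any scoping, so a trail in any AWS account can read this bucket's ACL and write under `AWSLogs/` on it; AWS's recommended CloudTrail bucket policy narrows the principal with an `aws:SourceArn` or `aws:SourceAccount` condition for exactly this reason. Adding `"aws:SourceArn": "arn:aws:cloudtrail:<region>:<account-id>:trail/<trail-name>"` to the existing `StringEquals` block of the `PutObject` statement, and an equivalent `Condition` on the `GetBucketAcl` statement, would close that gap (the placeholders need to come from the test inputs). Since the test already parameterises `cloudtrail_name` and `region`, the values are available at the point the policy is applied.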