The Invisible Footprint: How Anonymous S3 Requests Evade AWS Logging
Varonis, Friday, April 17th, 2026
Learn how anonymous S3 requests evaded AWS CloudTrail logging via VPC endpoints, the risks to enterprises, and how AWS addressed the issue.
Varonis Threat Labs (VTL) discovered an evasive vulnerability that limited visibility into anonymous requests in CloudTrail Network Activity events. Regardless of whether the bucket's permissions allowed or denied anonymous access, there were no logs in the Network Activity trail indicating any anonymous requests. In some cases, there were no logs at all.
Without anonymous activity being logged, organizations risk attackers inside their private cloud networks interacting with public buckets invisibly, evading detection by security teams entirely.