Skip to main content
All CollectionsTemplatesIntermediate
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template

Receive an Orca alert on an AWS S3 bucket with encryption disabled, lookup owner tag, ask owner or channel to enable AES256 encryption.

Updated over 6 months ago

This Torq workflow template serves the business need for maintaining security compliance by automating the process of enabling encryption on AWS S3 buckets upon receiving an alert from Orca about disabled encryption. It identifies the bucket owner using tags, notifies them via Slack, and requests authorization to enable AES256 encryption. If approved, it applies the changes and triggers a verification scan. Rejection leads to creating a Jira ticket for follow-up, ensuring consistent security posture and regulatory compliance.

Take Me to the Template

Trigger

Orca

Use Cases

CSPM

Workflow Breakdown

  1. Retrieve tags on the AWS bucket

  2. Reach out to the bucket owner or Slack channel, notify them about the issue

  3. Suggest to remediate by enabling default AES256 encryption on the bucket

  4. Apply changes if the user approves and kick off a verification scan

  5. If user or channel rejects, collect a reason and open a follow-up Jira ticket

  6. Update comments on the Orca security alert id that was provided

Vendors

AWS, Slack, Utils, Orca, Jira Cloud

Workflow Output

Success/Failure via Jira issues and Slack messages

Tips

Setup the integrations and Jira details in the first Set Workflow Variables step

Related Articles
Enable AWS S3 Bucket Versioning on Orca Alert - Workflow Template
Enable AWS S3 Bucket Encryption on Alert from Wiz - Workflow Template
Enable AWS S3 Bucket Versioning on Alert from Wiz - Workflow Template
Enable AWS S3 Bucket Encryption on Alert (PrismaCloud) - Workflow Template
Handle AWS S3 Bucket Should Enforce HTTPS Alert from Orca - Workflow Template
Did this answer your question?