AWS Batch Job - clean up history

0

Hello,

In one of my company's AWS account we have vulnerable information leak issue. AWS Batch jobs were launched with ENV variables and this variables contains very important and vulnerable details. We would like to wipe out this history from the account. How can we do that ?

Thanks

asked a month ago57 views
1 Answer
4
Accepted Answer

There is no API to clear the AWS batch job history.

The job state for SUCCEEDED and FAILED jobs is persisted in AWS Batch for at least 7 days (see here and here).

If this account is a member of an organization you can create and associate SCP (Service Control Policy) to this account that will prevent any principal from describing that job (and remove the SCP after 7 days has passed).

Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "batch:DescribeJobs",
            "Resource": "arn:aws:batch:REGION:ACCOUNT_ID:job/JOB_ID"
        }
    ]
}
profile pictureAWS
EXPERT
answered a month ago
profile picture
EXPERT
reviewed a month ago
EXPERT
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions