Find & remediate public AWS S3 buckets with Veza and add evidence to Drata controls

This story automatically finds AWS S3 buckets with Public Block Access disabled using Veza, routes each violation through a Jira-based remediation workflow, and logs evidence directly in Drata. So your team can fix misconfigurations and satisfy compliance controls without manual effort.

---

What you'll see:

• Query Veza for active violations where the S3 Public Block Access Policy is disabled
• Explode results so each bucket is handled individually
• Create a Jira ticket per violation and prompt the team to decide: make private or approve as public
• Route to a remediation branch that calls AWS directly to enable the Public Access Block policy
• Add a follow-up comment to the Jira issue confirming the fix was applied
• Handle the allowlist path separately, logging approved public buckets back in Jira
• Retrieve vulnerability management controls from Drata with pagination, then create external evidence documents linked to Jira results

---

Perfect for:

• Cloud security teams: Managing AWS misconfiguration backlogs across accounts with dozens of S3 buckets to review
• GRC and compliance teams: Needing clean, auditable evidence in Drata tied to real remediation actions
• SOC analysts: Triaging cloud violations and routing decisions without manual handoffs

---

Requirements:

• Veza - API credentials with access to run violation queries
• Jira - API token and project permissions to create and comment on issues
• AWS - IAM credentials with s3:PutBucketPublicAccessBlock permissions
• Drata - API credentials with access to controls and external evidence endpoints
• Familiarity with your organization's S3 bucket allowlist process