This rule monitors for changes to S3 bucket access policies.
S3 bucket access policies dictate who has what access to the contents of an S3 bucket. S3 buckets are an extremely common form of storage, and data is often leaked through S3 bucket access misconfigurations, where private company data is accidentally made publicly available.
Verify that the S3 bucket policy change was planned and is reasonable in scope. If it was not planned, revert the change immediately and modify permissions to ensure this does not happen again.
CIS AWS Benchmark 3.8: "Ensure a log metric filter and alarm exist for S3 bucket policy changes"
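An added example (not this rule's own code) of the check described above: it matches CloudTrail records on the event names used by the CIS 3.8 metric filter, then helps with the scope review by flagging a new policy that allows any principal without a condition. The sample events, the bucket name, the helper names and the `requestParameters.bucketPolicy` record shape are constructed assumptions.

```python
# Event names used by the CIS AWS Benchmark 3.8 metric filter pattern.
POLICY_EVENTS = {
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors", "PutBucketLifecycle",
    "PutBucketReplication", "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
}

def is_policy_change(event):
    """True for a successful S3 bucket policy, ACL or related config change."""
    return (event.get("eventSource") == "s3.amazonaws.com"
            and event.get("eventName") in POLICY_EVENTS
            and not event.get("errorCode"))  # a denied call changed nothing

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants_public_access(event):
    """True if a PutBucketPolicy carries an unconditioned Allow for any principal."""
    if event.get("eventName") != "PutBucketPolicy":
        return False
    # Assumption: the new policy is logged under requestParameters.bucketPolicy.
    policy = (event.get("requestParameters") or {}).get("bucketPolicy") or {}
    stmts = policy.get("Statement", []) if isinstance(policy, dict) else []
    for stmt in _as_list(stmts):
        principal = stmt.get("Principal")
        who = principal.get("AWS") if isinstance(principal, dict) else principal
        if stmt.get("Effect") == "Allow" and "*" in _as_list(who) and "Condition" not in stmt:
            return True
    return False

def triage(events):
    """Return (bucket, eventName, is_public) for every matching event."""
    return [((e.get("requestParameters") or {}).get("bucketName"), e["eventName"],
             grants_public_access(e)) for e in events if is_policy_change(e)]

def _put(bucket, principal, **extra):  # builds a constructed sample record
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*"}
    return {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
            "requestParameters": {"bucketName": bucket,
                                  "bucketPolicy": {"Statement": [stmt]}}, **extra}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _put("example-reports", "*"),
    _put("example-reports", {"AWS": "arn:aws:iam::111122223333:root"}),
    _put("example-reports", "*", errorCode="AccessDenied"),
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
]
```

`triage(SAMPLE_EVENTS)` returns one row per successful change; a row with `is_public` set to `True` is the case to review first against the planned-change record.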