CHECK_ID_check23="" 
CHECK_TITLE_check23="" 
CHECK_SCORED_check23="" 
CHECK_TYPE_check23="" 
CHECK_ALTERNATE_check23="check23" 
 
check23(){
  # "Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
  textTitle "$ID23" "$TITLE23" "SCORED" "LEVEL1"
  CLOUDTRAILBUCKET=$($AWSCLI cloudtrail describe-trails --query 'trailList[*].S3BucketName' --output text $PROFILE_OPT --region $REGION)
  if [[ $CLOUDTRAILBUCKET ]];then
    for bucket in $CLOUDTRAILBUCKET;do
      CLOUDTRAILBUCKET_HASALLPERMISIONS=$($AWSCLI s3api get-bucket-acl --bucket $bucket --query 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers`]' $PROFILE_OPT --region $REGION --output text)
      if [[ $CLOUDTRAILBUCKET_HASALLPERMISIONS ]];then
        textWarn "check your $bucket CloudTrail bucket ACL and Policy!"
      else
        textOK "Bucket $bucket is set correctly"
      fi
    done
  else
    textWarn "No CloudTrail bucket found!"
  fi
}