DATA OPS
Detect public-readable objects holding PII and page on-call
Scheduled scan that finds S3 objects with public-read ACLs and checks each one for PII.
How it runs
The automated pipeline, trigger to output.
- Trigger: Schedule fires
- Action: List objects and filter to public-read ACLs (AWS S3)
- Action: Scan public objects for PII with OpenAI (OpenAI)
- Logic: Branch: public AND contains PII?
- Action: Revoke public ACL, set object to private (AWS S3)
- Output: Open PagerDuty incident with exposure details (PagerDuty)
What it does
Combines two signals that only matter together: an object being publicly readable AND containing PII. It enumerates public-ACL objects, scans just those for PII, and treats a match as an active incident rather than a backlog item — revoking public access and paging the on-call engineer immediately.
When to use it
Use this when public exposure is your top-severity risk and you need a fast escalation path, not a daily report. Good for production buckets where a misconfigured ACL on a PII file is a reportable breach.
How it works
1. A schedule triggers the scan.
2. The flow lists S3 objects and filters to those with public-read ACLs.
3. Each public object is fetched and scanned by OpenAI for PII.
4. A logic branch fires only when a public object also contains PII.
5. The object's ACL is set back to private to stop the exposure.
6. A PagerDuty incident is opened with the object key, exposure type, and remediation status.
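The filter and branch in the steps above, as an added example that is not part of the workflow's own code. It assumes ACLs in the shape S3's GetObjectAcl returns, uses regexes as an offline stand-in for the OpenAI PII scan, and goes slightly beyond the public-read case by also treating the AuthenticatedUsers group as public; the object keys and contents are constructed.

```python
import re

# S3 predefined groups: AllUsers is anonymous/public; AuthenticatedUsers is any AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMS = {"READ", "FULL_CONTROL"}  # FULL_CONTROL on an object includes READ

# Assumption: regexes stand in for the workflow's OpenAI PII scan so this runs offline.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def public_read_grants(acl):
    """Return group URIs that give everyone read access, from a GetObjectAcl-shaped dict."""
    return [g["Grantee"]["URI"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS
            and g.get("Permission") in READ_PERMS]

def pii_types(text):
    """Names of the PII patterns found in the object body."""
    return sorted(name for name, rx in PII_PATTERNS.items() if rx.search(text))

def triage(objects):
    """Scan only public objects; a public object that also holds PII becomes an incident."""
    incidents = []
    for obj in objects:
        exposure = public_read_grants(obj["acl"])
        if not exposure:
            continue  # private objects are never scanned
        found = pii_types(obj["body"])
        if found:  # branch: public AND contains PII
            incidents.append({"key": obj["key"], "exposure": exposure,
                              "pii": found, "remediation": "set ACL to private"})
    return incidents

# Constructed sample data (hypothetical keys and contents).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner"}, "Permission": "FULL_CONTROL"}
ANYONE = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
SAMPLE = [
    {"key": "exports/customers.csv", "acl": {"Grants": [OWNER, ANYONE]}, "body": "jane.doe@example.com,123-45-6789"},
    {"key": "site/newsletter.txt", "acl": {"Grants": [OWNER, ANYONE]}, "body": "Quarterly newsletter, issue 12"},
    {"key": "hr/payroll.csv", "acl": {"Grants": [OWNER]}, "body": "john@example.com,987-65-4321"},
]
INCIDENTS = triage(SAMPLE)  # one incident: exports/customers.csv
```

This checks object ACL grants only, as the workflow does; a bucket policy can also expose objects and is not covered here.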
Set it up
What you configure once, before turning it on.
1. Connect AWS S3: buckets, objects, signed URLs.
2. Connect OpenAI: models, embeddings, files.
3. Connect PagerDuty: incidents, on-call, escalations.
4. Set each agent's model: we leave models unset so you pick the tier — fast + cheap, or top-quality.
5. Tune it to your data: edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on: run once against a sample, confirm the output, then enable the trigger.