Ensure that S3 server access logging is enabled
Server access logging provides detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.
Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.CFT.LOG.04
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
AWS_S3_Bucket where AccessControl!='LogDeliveryWrite' should have LoggingConfiguration
REMEDIATION
From CFT
Set the AWS::S3::Bucket LoggingConfiguration property with appropriate values for DestinationBucketName and LogFilePrefix.
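The GSL rule above, applied to a CloudFormation template before deployment. This is an added example, not CloudGuard's own code. The template, its resource names and the function name are constructed for illustration, and the check for the two properties named in the remediation is stricter than the GSL rule itself.

```python
import json

# Constructed sample template (CloudFormation JSON); resource names are hypothetical.
TEMPLATE = json.loads("""
{
  "Resources": {
    "LogBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"AccessControl": "LogDeliveryWrite"}
    },
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "LoggingConfiguration": {
          "DestinationBucketName": {"Ref": "LogBucket"},
          "LogFilePrefix": "data-bucket/"
        }
      }
    },
    "ScratchBucket": {"Type": "AWS::S3::Bucket"},
    "Queue": {"Type": "AWS::SQS::Queue"}
  }
}
""")

# Properties the remediation section says to set (an extra check beyond the GSL rule).
REMEDIATION_KEYS = ("DestinationBucketName", "LogFilePrefix")

def check_bucket_logging(template):
    """Return {logical_id: finding} for every S3 bucket that fails the check."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        # GSL filter: buckets with AccessControl 'LogDeliveryWrite' are out of scope.
        if props.get("AccessControl") == "LogDeliveryWrite":
            continue
        logging_cfg = props.get("LoggingConfiguration")
        if logging_cfg is None:
            findings[name] = "missing LoggingConfiguration"
            continue
        missing = [k for k in REMEDIATION_KEYS if k not in logging_cfg]
        if missing:
            findings[name] = "LoggingConfiguration lacks " + ", ".join(missing)
    return findings

if __name__ == "__main__":
    for name, finding in check_bucket_logging(TEMPLATE).items():
        print(f"{name}: {finding}")
```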
References
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfig.html
Simple Storage Service (S3)
Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago