Ensure that every S3 bucket used by AWS CloudTrail has the Server Access Logging feature enabled, so that requests made against the bucket are recorded and available for security audits.
This rule can help you with the following compliance standards:
- The Center for Internet Security AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Since CloudTrail buckets contain sensitive information, they should be protected from unauthorized viewing. With S3 Server Access Logging enabled for your CloudTrail buckets you can track every request made to access the buckets, and you can also restrict who is able to alter or delete the access logs, which prevents a user from covering their tracks.
To determine if your CloudTrail buckets have server access logging enabled, perform the following:
Remediation / Resolution
To enable Server Access Logging for your CloudTrail bucket, you must be the bucket owner. To turn on this feature, perform the following:
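The audit step above, and the payload the remediation step needs, as an added Python/boto3 example (not Conformity's own code): it evaluates the `get_bucket_logging` response for each bucket referenced by a trail and builds the `BucketLoggingStatus` argument for `put_bucket_logging`. It assumes boto3 is installed and AWS credentials are configured for the live path; the trail and bucket names are constructed sample values.

```python
def trail_bucket_names(trails):
    """Unique S3 bucket names referenced by a describe_trails response."""
    return sorted({t["S3BucketName"] for t in trails.get("trailList", [])
                   if t.get("S3BucketName")})

def evaluate_logging(bucket, logging_response):
    """Judge one get_bucket_logging response. S3 omits the LoggingEnabled
    key entirely when server access logging is off, so absence means disabled."""
    cfg = logging_response.get("LoggingEnabled")
    if not cfg or not cfg.get("TargetBucket"):
        return False, "server access logging is disabled"
    target, prefix = cfg["TargetBucket"], cfg.get("TargetPrefix", "")
    if target == bucket:
        # Allowed by S3, but self-logging grows the bucket without bound and the
        # access logs share the fate of the CloudTrail data they are meant to protect.
        return True, f"enabled, but access logs land in the same bucket ({target})"
    return True, f"enabled, access logs delivered to s3://{target}/{prefix}"

def audit(trails, bucket_logging):
    """Pure audit over pre-fetched API data: bucket -> (compliant, reason)."""
    return {b: evaluate_logging(b, bucket_logging.get(b, {}))
            for b in trail_bucket_names(trails)}

def logging_status(target_bucket, target_prefix):
    """BucketLoggingStatus payload for s3.put_bucket_logging(Bucket=..., BucketLoggingStatus=...).
    The target bucket must already allow writes from the S3 log delivery service."""
    return {"LoggingEnabled": {"TargetBucket": target_bucket,
                               "TargetPrefix": target_prefix}}

def audit_account(region="us-east-1"):
    """Live audit; assumes boto3 is installed and AWS credentials are configured."""
    import boto3
    trails = boto3.client("cloudtrail", region_name=region).describe_trails()
    s3 = boto3.client("s3")
    logging = {b: s3.get_bucket_logging(Bucket=b) for b in trail_bucket_names(trails)}
    return audit(trails, logging)

# Constructed sample data in the shape of the real API responses (not real buckets).
SAMPLE_TRAILS = {"trailList": [
    {"Name": "org-trail", "S3BucketName": "ct-logs-prod"},
    {"Name": "staging-trail", "S3BucketName": "ct-logs-staging"}]}
SAMPLE_LOGGING = {
    "ct-logs-prod": {"LoggingEnabled": {"TargetBucket": "s3-access-logs",
                                        "TargetPrefix": "cloudtrail/"}},
    "ct-logs-staging": {}}  # no LoggingEnabled key: logging is off

if __name__ == "__main__":
    for bucket, (ok, why) in audit(SAMPLE_TRAILS, SAMPLE_LOGGING).items():
        print(f"{'PASS' if ok else 'FAIL'} {bucket}: {why}")
```

Run `audit_account()` instead of the sample data to check a real account; a bucket reported as FAIL is the one to remediate with `put_bucket_logging` and the payload from `logging_status`.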
CloudTrail S3 Bucket Logging Enabled
Risk level: Medium