Ensure that the AWS S3 Server Access Logging feature is enabled in order to record access requests, which are useful for security audits. By default, server access logging is not enabled for S3 buckets.
This rule can help you with the following compliance standards:
- PCI
- HIPAA
- GDPR
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With the Server Access Logging feature enabled for your S3 buckets, you can track any requests made to access the buckets and use the log data to take measures to protect them against unauthorized user access.
Audit
To determine if your S3 buckets have server access logging enabled, perform the following:
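One way to run this check from the AWS CLI, as an added example that is not Conformity's own audit procedure. It assumes a configured AWS CLI with `s3:ListAllMyBuckets` and `s3:GetBucketLogging` permissions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which S3 buckets have server access logging enabled.

# Print the log target bucket for bucket $1.
# Returns 0 = logging enabled, 1 = logging disabled, 2 = API call failed.
logging_target() {
  lt_out=$(aws s3api get-bucket-logging --bucket "$1" \
    --query 'LoggingEnabled.TargetBucket' --output text 2>/dev/null) || return 2
  # With --output text the CLI prints "None" when LoggingEnabled is absent.
  if [ -z "$lt_out" ] || [ "$lt_out" = "None" ]; then
    return 1
  fi
  printf '%s\n' "$lt_out"
}

# Report every bucket in the account. The exit status is non-zero when any
# bucket is not confirmed as logged, so the check can gate a CI or cron job.
audit_buckets() {
  ab_bad=0
  ab_names=$(aws s3api list-buckets --query 'Buckets[].Name' --output text) || return 2
  [ "$ab_names" = "None" ] && ab_names=""   # account with no buckets
  for ab_bucket in $ab_names; do
    if ab_target=$(logging_target "$ab_bucket"); then
      echo "ENABLED  $ab_bucket -> $ab_target"
    else
      # $? here is the status returned by logging_target.
      case $? in
        1) echo "DISABLED $ab_bucket" ;;
        *) echo "ERROR    $ab_bucket (get-bucket-logging failed; check permissions)" ;;
      esac
      ab_bad=$((ab_bad + 1))
    fi
  done
  [ "$ab_bad" -eq 0 ]
}
```

Source the file and call `audit_buckets`. A bucket reported as ERROR is counted as non-compliant rather than skipped, because a denied `GetBucketLogging` call leaves its logging state unknown.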
Remediation / Resolution
To enable Server Access Logging for an S3 bucket, you must be logged in as the bucket owner. To turn on this feature, perform the following:

You are auditing:
S3 Bucket Logging Enabled
Risk level: Medium