Rule: CodeBuild Project Environments Logging Configuration

This rule ensures CodeBuild project environments have a proper logging configuration.

Rule: CodeBuild project environments should have a logging configuration
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description

CodeBuild project environments should have a logging configuration in place to adhere to the AWS Foundational Security Best Practices. Logging is crucial for monitoring and analyzing system activities, identifying security incidents, and troubleshooting issues in the environment.

Troubleshooting Steps

  1. Review the CodeBuild project environment's logging configuration to ensure it is set up properly.
  2. If the logging is not configured, follow the remediation steps to enable logging.
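
The review in step 1 can be scripted. The following is an added example, not CloudDefense or AWS code: it evaluates the logsConfig block of each project in JSON shaped like the output of aws codebuild batch-get-projects. The sample response and project names are constructed, and the script assumes that either CloudWatch Logs or S3 logs with status ENABLED satisfies the rule.

```python
import json

# Constructed sample shaped like the output of
# `aws codebuild batch-get-projects --names ...` (not real account data).
SAMPLE_RESPONSE = json.loads("""
{
  "projects": [
    {"name": "web-build",
     "logsConfig": {"cloudWatchLogs": {"status": "ENABLED", "groupName": "codebuild/web"},
                    "s3Logs": {"status": "DISABLED"}}},
    {"name": "legacy-build",
     "logsConfig": {"cloudWatchLogs": {"status": "DISABLED"},
                    "s3Logs": {"status": "DISABLED"}}},
    {"name": "artifact-build",
     "logsConfig": {"cloudWatchLogs": {"status": "DISABLED"},
                    "s3Logs": {"status": "ENABLED", "location": "example-bucket/build-logs"}}},
    {"name": "no-logs-key"}
  ]
}
""")


def enabled_log_sinks(project):
    """Return the log destinations of one project whose status is ENABLED."""
    logs = project.get("logsConfig") or {}  # a missing block counts as no logging
    return [sink for sink in ("cloudWatchLogs", "s3Logs")
            if (logs.get(sink) or {}).get("status") == "ENABLED"]


def audit_projects(response):
    """Map each project name to (compliant, enabled_sinks)."""
    results = {}
    for project in response.get("projects", []):
        sinks = enabled_log_sinks(project)
        # Assumption: at least one enabled destination satisfies the rule.
        results[project["name"]] = (bool(sinks), sinks)
    return results


def non_compliant(response):
    """Sorted names of projects with no enabled log destination."""
    return sorted(name for name, (ok, _) in audit_projects(response).items() if not ok)


if __name__ == "__main__":
    for name, (ok, sinks) in audit_projects(SAMPLE_RESPONSE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}  sinks={sinks or 'none'}")
```

To run it against a real account, save the batch-get-projects output to a file and pass the parsed JSON to audit_projects in place of the sample.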

Remediation Steps

Enable Logging for CodeBuild Project Environment

  1. Open the AWS Management Console and navigate to the CodeBuild service.
  2. Select the CodeBuild project environment for which you want to enable logging.
  3. Click on the "Edit" button at the top-right corner of the environment details page.
  4. Scroll down to the "Logs" section.
  5. Click on the "Enable CloudWatch Logs" checkbox to enable logging for the CodeBuild project.
  6. Optionally, you can specify a log group name and log stream name.
     • Log Group Name: Enter a name for the log group where the CodeBuild logs will be stored. If left blank, a default name will be generated.
     • Log Stream Name: Enter a name for the log stream that will hold the CodeBuild logs. If left blank, a default name will be generated.
  7. Click on the "Save" button to enable the logging configuration for the CodeBuild project.

CLI Command

If you prefer to use the AWS Command Line Interface (CLI) for enabling logging, you can use the following command:

aws codebuild update-project --name <project-name> --logs-config "cloudWatchLogs={status=ENABLED,groupName=<group-name>,streamName=<stream-name>}"

Replace <project-name> with the name of your CodeBuild project, <group-name> with the desired log group name (optional), and <stream-name> with the desired log stream name (optional). Run the command in your preferred CLI tool, such as AWS CLI or AWS CloudShell.

Note: Make sure you have the necessary permissions to modify the CodeBuild project and access the AWS CLI.

By following these steps, you will enable logging for the CodeBuild project environment as recommended by the AWS Foundational Security Best Practices. This will help you to monitor and protect your environment effectively.
