This rule checks that S3 server access logging is enabled on the bucket that receives AWS CloudTrail log files.
Rule | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Framework | cis_v130
Severity | Low
Ensure S3 Bucket Access Logging is Enabled on the CloudTrail S3 Bucket
Introduction
Enabling S3 server access logging on the bucket that stores AWS CloudTrail logs is a recommendation of the CIS AWS Foundations Benchmark. The access logs record the requests made against the CloudTrail bucket (requester, source IP, operation, object key, time and HTTP status), which supports security audits and lets you detect reads, listings or deletions of trail files by principals that have no business touching them. Note that S3 delivers server access logs on a best-effort basis, so they complement rather than replace CloudTrail S3 data events for that bucket.
Rule Details
Description
Every access request to the CloudTrail S3 bucket should be logged. Each log record identifies the bucket owner, the bucket, the time, the remote IP address, the requester, the operation, the object key and the response status, so the logs show who has read, listed or deleted trail files and can be monitored for unauthorized access or configuration changes to the bucket.
Troubleshooting Steps
If access logging is not enabled on your CloudTrail S3 bucket, you have no record of who read, listed or deleted the trail files, and tampering with the audit trail can go unnoticed. Here's how to troubleshoot and enable access logging:
Identify the Bucket: Check which S3 bucket is being used by CloudTrail to store logs.
Check Bucket Logging Status: Determine whether the bucket has access logging enabled.
Enable Bucket Logging: If logging is not enabled, turn it on by setting the target bucket for log delivery.
Necessary Codes and Commands
AWS CLI Commands
Here is a step-by-step guide to enable access logging using AWS CLI:
Identify the CloudTrail bucket: ask CloudTrail which bucket each trail writes to, rather than guessing from a listing of all buckets.
aws cloudtrail describe-trails --query 'trailList[].S3BucketName'
Get Bucket Logging: Check the current bucket logging status. The command prints nothing when logging is disabled, and a 'LoggingEnabled' block with 'TargetBucket' and 'TargetPrefix' when it is on.
aws s3api get-bucket-logging --bucket your-cloudtrail-bucket-name
Enable Bucket Logging: Enable access logging by specifying the target bucket and prefix. The target must be a bucket you own in the same account and Region, and should not be the CloudTrail bucket itself. The CLI does not add the delivery permission on the target for you, so grant 'logging.s3.amazonaws.com' the 's3:PutObject' permission on the target bucket first.
aws s3api put-bucket-logging \
--bucket your-cloudtrail-bucket-name \
--bucket-logging-status '{
"LoggingEnabled": {
"TargetBucket": "your-logging-bucket-name",
"TargetPrefix": "your-log-file-prefix"
}
}'
Replace your-cloudtrail-bucket-name, your-logging-bucket-name, and your-log-file-prefix with appropriate values.

Step by Step Guide for Remediation
Log in to the AWS Management Console.
Go to the S3 service.
Locate and click on the bucket used by CloudTrail.
Click on the 'Properties' tab.
Scroll down to the 'Server access logging' section.
If not enabled, click 'Edit'.
Set 'Server access logging' to Enabled.
Specify a Target bucket where the logs should be saved. The target must be in the same account and Region as the CloudTrail bucket; use a dedicated logging bucket rather than the CloudTrail bucket itself, otherwise each log delivery generates further log entries in the same bucket.
(Optional) Enter a prefix for logged objects, to help organize your logs.
Click 'Save changes'.
Review the bucket policy of the target (logging) bucket and ensure it allows 's3:PutObject' for the service principal 'logging.s3.amazonaws.com' on 'arn:aws:s3:::your-logging-bucket-name/*', ideally conditioned on 'aws:SourceArn' (the ARN of the CloudTrail bucket) and 'aws:SourceAccount'. The console normally adds this statement when you select the target bucket; when enabling with the CLI you must add it yourself. Without it S3 cannot deliver the logs and no error is raised. (Older buckets may instead grant the S3 Log Delivery group through a bucket ACL; that only works while ACLs are still enabled on the target bucket.)
Once access logging is enabled, confirm that log objects start appearing under the target prefix (delivery can lag by hours) and feed them into your log pipeline. Alert on GET, LIST or DELETE operations against the CloudTrail bucket from any principal other than CloudTrail itself and your own log consumers.
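The CLI and console steps above check one bucket at a time. The following script is an added example (not code from the original page) that performs the same audit across every trail: it takes the JSON shapes returned by `aws cloudtrail describe-trails`, `aws s3api get-bucket-logging` and `aws s3api get-bucket-policy`, reports each CloudTrail bucket as compliant or gives the reason it fails (logging off, logging to itself, or a target bucket whose policy does not let `logging.s3.amazonaws.com` write), and builds the remediation payload and target-bucket policy. All bucket names, trail names, the account ID and the API responses are constructed sample data; nothing here calls AWS, so you would feed it the real command output yourself.

```python
"""Audit helper for 'access logging on the CloudTrail bucket'.  Added example,
not from the original page.  Consumes the JSON shapes returned by
`aws cloudtrail describe-trails`, `aws s3api get-bucket-logging` and
`aws s3api get-bucket-policy`.  All sample responses below are constructed."""
import json

# Service principal S3 uses to deliver server access logs (bucket-policy model).
LOG_DELIVERY_PRINCIPAL = "logging.s3.amazonaws.com"


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def cloudtrail_buckets(describe_trails):
    """Bucket names CloudTrail delivers to, de-duplicated (trails often share one)."""
    return sorted({t["S3BucketName"] for t in describe_trails.get("trailList", [])
                   if t.get("S3BucketName")})


def logging_target(get_bucket_logging):
    """Target bucket from a get-bucket-logging response, or None when disabled.
    When logging is off the CLI prints nothing, modelled here as {} or None."""
    enabled = (get_bucket_logging or {}).get("LoggingEnabled")
    return enabled.get("TargetBucket") if enabled else None


def policy_allows_log_delivery(policy_doc, target_bucket):
    """True if an Allow statement lets logging.s3.amazonaws.com PutObject into
    target_bucket.  Targets still relying on the legacy Log Delivery group ACL
    carry no such statement and are reported as missing it."""
    object_arn_prefix = f"arn:aws:s3:::{target_bucket}/"
    for stmt in _as_list((policy_doc or {}).get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or LOG_DELIVERY_PRINCIPAL not in services:
            continue
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in _as_list(stmt.get("Action"))):
            continue
        if any(r == "*" or r.startswith(object_arn_prefix) for r in _as_list(stmt.get("Resource"))):
            return True
    return False


def audit(describe_trails, logging_by_bucket, policy_by_bucket):
    """Map each CloudTrail bucket to 'ok' or the reason it fails the rule."""
    findings = {}
    for bucket in cloudtrail_buckets(describe_trails):
        target = logging_target(logging_by_bucket.get(bucket))
        if target is None:
            findings[bucket] = "access logging disabled"
        elif target == bucket:
            findings[bucket] = "logs target the CloudTrail bucket itself; use a separate logging bucket"
        elif not policy_allows_log_delivery(policy_by_bucket.get(target), target):
            findings[bucket] = (f"target bucket {target} grants no s3:PutObject to "
                                f"{LOG_DELIVERY_PRINCIPAL}; logs will not be delivered")
        else:
            findings[bucket] = "ok"
    return findings


def remediation(source_bucket, target_bucket, account_id, prefix=None):
    """Build the put-bucket-logging payload and the target-bucket policy
    (the AWS-documented statement, with SourceArn/SourceAccount conditions so
    only this source bucket in this account can write into the target)."""
    status = {"LoggingEnabled": {"TargetBucket": target_bucket,
                                 "TargetPrefix": prefix or f"{source_bucket}/"}}
    policy = {"Version": "2012-10-17", "Statement": [{
        "Sid": "S3ServerAccessLogsPolicy",
        "Effect": "Allow",
        "Principal": {"Service": LOG_DELIVERY_PRINCIPAL},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{target_bucket}/*",
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{source_bucket}"},
                      "StringEquals": {"aws:SourceAccount": account_id}}}]}
    return status, policy


# Constructed sample responses (bucket names, trail names and account ID are made up).
SAMPLE_TRAILS = {"trailList": [
    {"Name": "management-events", "S3BucketName": "org-cloudtrail-logs"},
    {"Name": "data-events", "S3BucketName": "org-cloudtrail-logs"},
    {"Name": "legacy-trail", "S3BucketName": "old-trail-bucket"},
    {"Name": "self-logging", "S3BucketName": "selflog-trail-bucket"}]}
SAMPLE_LOGGING = {
    "org-cloudtrail-logs": {"LoggingEnabled": {"TargetBucket": "org-s3-access-logs",
                                               "TargetPrefix": "cloudtrail/"}},
    "old-trail-bucket": {},  # get-bucket-logging printed nothing: disabled
    "selflog-trail-bucket": {"LoggingEnabled": {"TargetBucket": "selflog-trail-bucket",
                                                "TargetPrefix": "logs/"}}}
SAMPLE_POLICIES = {"org-s3-access-logs": remediation("org-cloudtrail-logs",
                                                     "org-s3-access-logs", "111122223333")[1]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TRAILS, SAMPLE_LOGGING, SAMPLE_POLICIES), indent=2))
```

To run it against a real account, replace the three SAMPLE_* dictionaries with parsed output of the corresponding CLI commands (one `get-bucket-logging` call per CloudTrail bucket, one `get-bucket-policy` call per target; the policy comes back as a JSON string inside the "Policy" field and must be `json.loads`-ed). The `remediation` output can be passed straight to `put-bucket-logging --bucket-logging-status` and `put-bucket-policy --policy`.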