This rule ensures S3 bucket access logging is enabled on the CloudTrail S3 bucket.
| Field | Value |
| --- | --- |
| Rule | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
| Framework | cis_v140 |
| Severity | ✔ Low |
Rule Description:
S3 bucket access logging should be enabled on the CloudTrail S3 bucket in order to monitor and track access to the bucket. This is an important security measure that helps in auditing and detecting any unauthorized access or suspicious activities.
Troubleshooting Steps:
Necessary Codes:
There are no specific codes required for this rule.
Remediation Steps:
Open the AWS Management Console and go to the S3 service.
Search for the S3 bucket named "cis_v140" associated with CloudTrail.
Select the S3 bucket and go to the "Properties" tab.
Scroll down to the "Server access logging" section and click on "Edit".
Check the box "Enable logging" if it is not already checked.
Choose the target bucket where you want to store the access logs.
Enter a prefix if needed, to organize the logs.
Click on "Save" to enable access logging for the S3 bucket.
CLI Command:
There is no CLI command required for this remediation. The steps described above can be performed through the AWS Management Console.
By enabling S3 bucket access logging for the CloudTrail S3 bucket, you ensure that all access to the bucket is logged and monitored. This enhances the security and compliance of your AWS infrastructure.
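The check and the console steps above can also be scripted against the AWS API. The Python below is an added example, not part of the original rule page: it reads each trail's bucket from the CloudTrail configuration and relies on the boto3 client methods `describe_trails`, `get_bucket_logging` and `put_bucket_logging`. The `FakeAWS` stub, the bucket names and the default prefix are constructed so the example runs offline.

```python
# Added example: audit and enable server access logging on CloudTrail buckets.
# `cloudtrail` and `s3` are boto3 clients, or any objects with the same methods.

def cloudtrail_buckets(cloudtrail):
    """Return the distinct S3 buckets that the visible trails deliver to."""
    trails = cloudtrail.describe_trails()["trailList"]
    return sorted({t["S3BucketName"] for t in trails if t.get("S3BucketName")})

def audit(cloudtrail, s3):
    """Map each CloudTrail bucket to its logging target, or None if logging is off."""
    result = {}
    for bucket in cloudtrail_buckets(cloudtrail):
        status = s3.get_bucket_logging(Bucket=bucket)
        enabled = status.get("LoggingEnabled")  # key is absent when logging is off
        result[bucket] = enabled["TargetBucket"] if enabled else None
    return result

def remediate(cloudtrail, s3, target_bucket, prefix="cloudtrail-access/"):
    """Enable access logging on every CloudTrail bucket that lacks it."""
    fixed = []
    for bucket, target in audit(cloudtrail, s3).items():
        if target is not None:
            continue  # already compliant, leave the existing target untouched
        if bucket == target_bucket:
            # Logging a bucket to itself makes each log delivery produce more logs.
            raise ValueError(f"{bucket}: choose a separate target bucket")
        s3.put_bucket_logging(
            Bucket=bucket,
            BucketLoggingStatus={"LoggingEnabled": {
                "TargetBucket": target_bucket,
                "TargetPrefix": f"{prefix}{bucket}/",
            }},
        )
        fixed.append(bucket)
    return fixed

class FakeAWS:
    """Constructed stand-in for both boto3 clients (sample data, not real buckets)."""
    def __init__(self):
        self.logging = {"example-trail-logs": {}}  # logging currently disabled
    def describe_trails(self):
        return {"trailList": [{"Name": "example-trail", "S3BucketName": "example-trail-logs"}]}
    def get_bucket_logging(self, Bucket):
        return self.logging[Bucket]
    def put_bucket_logging(self, Bucket, BucketLoggingStatus):
        self.logging[Bucket] = BucketLoggingStatus

if __name__ == "__main__":
    aws = FakeAWS()  # real use: boto3.client("cloudtrail"), boto3.client("s3")
    print(audit(aws, aws), remediate(aws, aws, "example-access-logs"), audit(aws, aws))
```

For logs to be delivered, the target bucket must allow the S3 logging service principal (`logging.s3.amazonaws.com`) to write objects.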