This rule ensures that object-level logging (CloudTrail S3 data events) for write events is enabled for each S3 bucket.
Rule | Ensure that Object-level logging for write events is enabled for S3 bucket |
Framework | cis_v150 |
Severity | ✔ Critical |
Rule Description
The rule requires that write operations on objects in every S3 bucket are recorded by AWS CloudTrail (CIS AWS Foundations Benchmark v1.5.0, control 3.10). "cis_v150" in the table above is the framework identifier, not a bucket name: the check applies to each bucket in the account. Object-level logging is configured on a CloudTrail trail as a data event selector for the resource type AWS::S3::Object, with the read/write type set to write-only or all events, covering the bucket ARN. S3 event notifications and S3 server access logging are different features and do not satisfy this rule.
With data events enabled, each write (for example PutObject, DeleteObject, CopyObject or PutObjectAcl) is recorded in the trail with the identity that performed it, the source IP address, the bucket and object key, the API operation and the event time. That record is what an investigator needs to reconstruct who modified or deleted an object and when. Data events are billed per event and are not covered by the default management-event logging, so a trail that logs only management events does not pass this check.
Troubleshooting Steps (if applicable)
1. Check Bucket Name and Region
Confirm that the bucket flagged by the finding exists and note the region it lives in. The data event selector must reference the bucket ARN with a trailing slash (arn:aws:s3:::bucket-name/); a selector scoped to a key prefix inside the bucket covers only that prefix and does not satisfy the rule.
2. Verify Trail Coverage
S3 data events are available in every region; what matters is which trail covers the bucket. A trail records data events only for buckets in its home region unless it is a multi-region (or organization) trail. Confirm that such a trail exists, that logging is running (not stopped), and that its selector is not restricted to read-only events.
3. Check Permissions
The principal making the change needs cloudtrail:GetEventSelectors and cloudtrail:PutEventSelectors on the trail. If no suitable trail exists and one has to be created, cloudtrail:CreateTrail is also required, together with permission to set a bucket policy on the bucket that will receive the log files.
4. Review Bucket Policy
The bucket being audited needs no policy change. The bucket that receives the trail's log files must allow the CloudTrail service principal (cloudtrail.amazonaws.com) to call s3:GetBucketAcl and s3:PutObject on the log prefix; if that policy is missing or too restrictive, the trail reports a delivery error and no data events are written, even though the selector looks correct.
Necessary Code (if applicable)
No application code is required. The setting lives on the CloudTrail trail and is changed through the CloudTrail console, the AWS CLI (put-event-selectors), or infrastructure-as-code; nothing is configured on the S3 bucket itself.
Step-by-Step Guide for Remediation
To enable object-level logging for write events on an S3 bucket, configure a data event selector on a CloudTrail trail that covers the bucket's region:
Open the AWS Management Console and navigate to the CloudTrail service.
In the left navigation pane, choose "Trails" and select the trail that covers the bucket's region (a multi-region trail covers all regions). If no such trail exists, create one first and make sure it is logging.
In the trail details page, scroll to the "Data events" section and click "Edit".
Choose "S3" as the data event type.
Select the write-only log selector template to record write events for every bucket in the account, or choose a custom selector and restrict "resources.ARN" to the bucket ARN with a trailing slash (arn:aws:s3:::bucket-name/) to limit logging to one bucket. Do not select a read-only template; that logs only GetObject-style calls.
If the trail already has other data event selectors (Lambda, DynamoDB, other buckets), keep them: saving a new selector configuration replaces the trail's existing selectors, so the full set must be present.
Click "Save changes". The same configuration can be applied from the AWS CLI with "aws cloudtrail put-event-selectors" and verified with "aws cloudtrail get-event-selectors".
Allow a few minutes, perform a test write to the bucket, and confirm a corresponding data event appears in the trail's log files or in CloudTrail Lake.
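Checking the trail configuration by hand gets error-prone once selectors exist in both the basic and advanced formats, or when a selector is read-only or scoped to a key prefix. The following script is an added example, not part of the rule page or any AWS tooling: it evaluates a get-event-selectors response for a given bucket, applies the region rule from the troubleshooting section to a describe-trails entry, and builds the put-event-selectors command for remediation. The sample responses, trail name, bucket names and account ID are constructed for the example.

```python
"""Audit CloudTrail S3 object-level write logging for a bucket (added example).

Input is the JSON that `aws cloudtrail get-event-selectors --trail-name <trail>`
returns. Both selector formats are handled: basic EventSelectors and
AdvancedEventSelectors. All sample data below is constructed.
"""
import json
import shlex

S3_OBJECT = "AWS::S3::Object"


def _prefix_covers_bucket(prefix: str, bucket: str) -> bool:
    """CloudTrail matches resources.ARN by prefix: "arn:aws:s3" means every
    bucket, "arn:aws:s3:::name/" one whole bucket, "arn:aws:s3:::name/img/"
    only a key prefix (which does not satisfy the rule)."""
    return f"arn:aws:s3:::{bucket}/".startswith(prefix)


def _basic_selector_logs_writes(selector: dict, bucket: str) -> bool:
    # ReadWriteType defaults to "All" when omitted; "ReadOnly" never logs writes.
    if selector.get("ReadWriteType", "All") == "ReadOnly":
        return False
    for resource in selector.get("DataResources", []):
        if resource.get("Type") != S3_OBJECT:
            continue
        if any(_prefix_covers_bucket(v, bucket) for v in resource.get("Values", [])):
            return True
    return False


def _advanced_selector_logs_writes(selector: dict, bucket: str) -> bool:
    fields = {f["Field"]: f for f in selector.get("FieldSelectors", [])}
    if fields.get("eventCategory", {}).get("Equals") != ["Data"]:
        return False
    if fields.get("resources.type", {}).get("Equals") != [S3_OBJECT]:
        return False
    # readOnly absent = reads and writes; "true" = reads only; "false" = writes only.
    if fields.get("readOnly", {}).get("Equals") == ["true"]:
        return False
    arn = fields.get("resources.ARN")
    if arn is None:
        return True  # no ARN restriction: every bucket in the covered regions
    if any(_prefix_covers_bucket(p, bucket) for p in arn.get("NotStartsWith", [])):
        return False  # bucket explicitly excluded
    return any(_prefix_covers_bucket(p, bucket) for p in arn.get("StartsWith", []))


def bucket_write_events_logged(selectors_response: dict, bucket: str) -> bool:
    """True if any selector on the trail records write data events for `bucket`."""
    basic = selectors_response.get("EventSelectors", [])
    advanced = selectors_response.get("AdvancedEventSelectors", [])
    return any(_basic_selector_logs_writes(s, bucket) for s in basic) or any(
        _advanced_selector_logs_writes(s, bucket) for s in advanced)


def trail_covers_region(trail: dict, bucket_region: str) -> bool:
    """A trail records data events only for its home region unless it is
    multi-region (fields as returned by `aws cloudtrail describe-trails`)."""
    return bool(trail.get("IsMultiRegionTrail")) or trail.get("HomeRegion") == bucket_region


def write_only_event_selectors(bucket: str) -> list:
    """Selector payload logging write data events for every object in `bucket`,
    while keeping management events on the trail."""
    return [{
        "ReadWriteType": "WriteOnly",
        "IncludeManagementEvents": True,
        "DataResources": [{"Type": S3_OBJECT, "Values": [f"arn:aws:s3:::{bucket}/"]}],
    }]


def remediation_command(trail_name: str, bucket: str, region: str) -> str:
    """AWS CLI command applying the selector. put-event-selectors REPLACES the
    trail's current selectors, so merge with existing ones before running it."""
    payload = json.dumps(write_only_event_selectors(bucket))
    return ("aws cloudtrail put-event-selectors"
            f" --region {shlex.quote(region)} --trail-name {shlex.quote(trail_name)}"
            f" --event-selectors {shlex.quote(payload)}")


# Constructed sample responses in the shape get-event-selectors returns.
SAMPLE_WRITE_ONLY = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/example-trail",
    "EventSelectors": [{"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True,
                        "DataResources": [{"Type": S3_OBJECT,
                                           "Values": ["arn:aws:s3:::app-uploads/"]}]}]}
SAMPLE_READ_ONLY = {
    "EventSelectors": [{"ReadWriteType": "ReadOnly", "IncludeManagementEvents": True,
                        "DataResources": [{"Type": S3_OBJECT,
                                           "Values": ["arn:aws:s3:::app-uploads/"]}]}]}
SAMPLE_ADVANCED_ALL_BUCKETS = {
    "AdvancedEventSelectors": [{"Name": "Log all S3 write data events", "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": [S3_OBJECT]},
        {"Field": "readOnly", "Equals": ["false"]}]}]}
SAMPLE_ADVANCED_PREFIX_ONLY = {
    "AdvancedEventSelectors": [{"Name": "Only the tmp/ prefix", "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": [S3_OBJECT]},
        {"Field": "resources.ARN", "StartsWith": ["arn:aws:s3:::app-uploads/tmp/"]}]}]}

if __name__ == "__main__":
    for name, resp in [("write-only", SAMPLE_WRITE_ONLY), ("read-only", SAMPLE_READ_ONLY),
                       ("advanced, all buckets", SAMPLE_ADVANCED_ALL_BUCKETS),
                       ("advanced, prefix only", SAMPLE_ADVANCED_PREFIX_ONLY)]:
        print(f"{name}: {bucket_write_events_logged(resp, 'app-uploads')}")
    print(remediation_command("example-trail", "app-uploads", "us-east-1"))
```

Run the audit against every trail returned by describe-trails, keeping only those for which trail_covers_region is true for the bucket's region; a bucket passes when at least one of those trails has a selector that logs its writes. The read-only and prefix-only samples are the two configurations that look correct at a glance but fail the rule.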
Note
The data events are delivered to the trail's log bucket (and to CloudWatch Logs or CloudTrail Lake if the trail is configured for them); make sure the users or roles that investigate incidents have read access to those destinations. Monitor the logs regularly, for example with alerts on DeleteObject, PutBucketPolicy or PutObjectAcl calls from unexpected principals, and review them to identify suspicious or unauthorized write activity in the bucket.