
Rule: Ensure S3 Bucket Access Logging Is Enabled on CloudTrail S3 Bucket

This rule ensures that access logging is enabled for the CloudTrail S3 bucket, enhancing security.

Rule: Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Framework: cis_v150
Severity: Low

Rule Description:

This rule ensures that access logging is enabled on the CloudTrail S3 bucket for cis_v150. Enabling S3 bucket access logging provides detailed information about all requests made to the bucket and helps with security, compliance, and auditing purposes.

Troubleshooting Steps:

If access logging is not enabled on the CloudTrail S3 bucket, follow these troubleshooting steps:

  1. Verify the name and location of the CloudTrail S3 bucket.
  2. Check if the necessary permissions are assigned to the AWS Identity and Access Management (IAM) role associated with your CloudTrail.
  3. Ensure that the S3 bucket policy allows write access to the AWS Log Delivery group.

Remediation Steps:

Follow the steps below to enable access logging on the CloudTrail S3 bucket:

  1. Open the AWS Management Console and navigate to the CloudTrail service.
  2. Select the CloudTrail trail being assessed against cis_v150.
  3. Click on the "Event history" tab.
  4. Identify the S3 bucket used for CloudTrail logs.
  5. Open the Amazon S3 console.
  6. Search for the identified S3 bucket.
  7. Click on the bucket name to open its properties.
  8. Select the "Properties" tab.
  9. Locate the "Server access logging" section and click on "Edit".
  10. Enable server access logging by selecting the checkbox.
  11. Choose a target bucket to store the access logs. You can create a new bucket or select an existing one.
  12. Specify a unique prefix for the access log objects to ease log analysis.
  13. Click "Save" to enable access logging on the CloudTrail S3 bucket.

AWS CLI Commands:

Alternatively, you can use the AWS Command Line Interface (CLI) to enable access logging on the CloudTrail S3 bucket. Use the following commands:

  1. To enable access logging (the logging configuration is a JSON document whose top-level key is "LoggingEnabled", with "TargetBucket" and "TargetPrefix" inside it):

aws s3api put-bucket-logging --bucket <bucket-name> --logging-configuration '{"LoggingEnabled":{"TargetBucket":"<logging-bucket>","TargetPrefix":"<log-prefix>"}}'

Replace <bucket-name> with the name of the CloudTrail S3 bucket, <logging-bucket> with the name of the bucket where access logs will be stored, and <log-prefix> with a unique prefix for the access log objects.
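The following script is an added example, not code from the original page or from Cloud Defense. It covers both the troubleshooting checks above (is logging enabled, and does the target bucket grant the AWS Log Delivery group the permissions it needs) and the CLI remediation, by evaluating the JSON that `aws s3api get-bucket-logging` and `aws s3api get-bucket-acl` return and then building the exact `put-bucket-logging` invocation. The bucket names, owner ID and ACL grants are constructed sample data; the Log Delivery group URI and the WRITE/READ_ACP grant pair are the values AWS documents for ACL-based log delivery.

```python
import json

# Canonical URI of the S3 Log Delivery group (documented AWS value).
LOG_DELIVERY_GROUP = "http://acs.amazonaws.com/groups/s3/LogDelivery"

# Constructed sample output, in the shape returned by
# `aws s3api get-bucket-logging --bucket <bucket-name>`.
# An empty document means server access logging is disabled.
SAMPLE_LOGGING_DISABLED = {}
SAMPLE_LOGGING_ENABLED = {
    "LoggingEnabled": {
        "TargetBucket": "example-cloudtrail-access-logs",
        "TargetPrefix": "cloudtrail-bucket/",
    }
}

# Constructed sample output, in the shape returned by
# `aws s3api get-bucket-acl --bucket <logging-bucket>`.
SAMPLE_ACL_WITH_GRANT = {
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY_GROUP},
         "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY_GROUP},
         "Permission": "READ_ACP"},
    ],
}


def logging_status(get_bucket_logging_output):
    """Return (enabled, target_bucket, target_prefix) from get-bucket-logging output."""
    cfg = get_bucket_logging_output.get("LoggingEnabled")
    if not cfg:
        return (False, None, None)
    return (True, cfg.get("TargetBucket"), cfg.get("TargetPrefix", ""))


def log_delivery_group_permissions(get_bucket_acl_output):
    """Permissions the S3 Log Delivery group holds on the target bucket's ACL."""
    perms = set()
    for grant in get_bucket_acl_output.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") == LOG_DELIVERY_GROUP:
            perms.add(grant.get("Permission"))
    return perms


def target_bucket_accepts_logs(get_bucket_acl_output):
    """ACL-based delivery needs WRITE (to put log objects) and READ_ACP on the target."""
    return {"WRITE", "READ_ACP"} <= log_delivery_group_permissions(get_bucket_acl_output)


def build_logging_configuration(target_bucket, target_prefix):
    """JSON document accepted by `put-bucket-logging --logging-configuration`."""
    return json.dumps({"LoggingEnabled": {"TargetBucket": target_bucket,
                                          "TargetPrefix": target_prefix}})


def remediation_command(bucket, target_bucket, target_prefix):
    """The CLI command that enables access logging on `bucket`."""
    cfg = build_logging_configuration(target_bucket, target_prefix)
    return f"aws s3api put-bucket-logging --bucket {bucket} --logging-configuration '{cfg}'"


if __name__ == "__main__":
    enabled, target, prefix = logging_status(SAMPLE_LOGGING_DISABLED)
    if not enabled:
        print("FAIL: server access logging is not enabled on the CloudTrail bucket")
        # Constructed names; substitute the real CloudTrail and logging buckets.
        print(remediation_command("example-cloudtrail-bucket",
                                  "example-cloudtrail-access-logs",
                                  "cloudtrail-bucket/"))
    if target_bucket_accepts_logs(SAMPLE_ACL_WITH_GRANT):
        print("OK: target bucket grants the Log Delivery group WRITE and READ_ACP")
```

Feed the script real data by piping `aws s3api get-bucket-logging --bucket <bucket-name>` output into `json.load`; an empty response is the non-compliant case this rule flags. If the target bucket has ACLs disabled (bucket owner enforced), the grant check does not apply and delivery must instead be allowed through a bucket policy for the S3 logging service principal.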

Conclusion:

Enabling access logging on the CloudTrail S3 bucket provides valuable information for auditing and monitoring purposes. By following the remediation steps mentioned above, you can ensure that S3 bucket access logging is enabled on the CloudTrail S3 bucket for cis_v150.
