This rule ensures that all S3 buckets are logging S3 data events in CloudTrail.
Rule: All S3 buckets should log S3 data events in CloudTrail
Framework: NIST 800-171 Revision 2
Severity: Medium
Rule Description
This rule checks that every S3 bucket in the account has object-level (data event) logging enabled in a CloudTrail trail. Management events alone record bucket-level API calls such as CreateBucket or PutBucketPolicy; only data events record GetObject, PutObject and DeleteObject calls against individual objects, which is the audit trail NIST 800-171 Revision 2 expects for the data held in those buckets (Audit and Accountability family, 3.3). Data events are billed per event and can be high-volume on busy buckets, so plan log storage and cost before enabling them account-wide.
Troubleshooting Steps
If you encounter any issues while implementing this rule, here are some troubleshooting steps you can take:
Verify the trail configuration: Data events are enabled per trail, not per bucket. In the CloudTrail console, or with aws cloudtrail get-event-selectors --trail-name <trail_name>, confirm the trail has an event selector for the AWS::S3::Object resource type, and with aws cloudtrail get-trail-status --trail-name <trail_name> confirm that IsLogging is true. A single-region trail only records data events for buckets in its own region; use a multi-region trail to cover buckets everywhere.
Check log destination permissions: CloudTrail needs no permission on the buckets it monitors; data events are captured from the S3 API, not by reading the buckets. What it does need is a bucket policy on the destination bucket that allows the cloudtrail.amazonaws.com service principal to write (s3:GetBucketAcl and s3:PutObject) and, if the trail uses SSE-KMS, a key policy that lets CloudTrail use the key. An IAM role is only involved when the trail also delivers to CloudWatch Logs. aws cloudtrail get-trail-status reports LatestDeliveryError when delivery is failing.
Do not confuse server access logging with data events: S3 server access logging is a separate, bucket-level feature that writes access logs to another bucket. It is not what this rule evaluates, and enabling it does not satisfy the rule; the trail's event selectors do.
Review delivered logs, not just Event history: the Event history view in the CloudTrail console shows management events only; data events appear only in the log files delivered to the destination bucket (or in CloudWatch Logs or CloudTrail Lake if configured). After enabling data events, perform a test GetObject and look in the delivered log files for a record with eventSource s3.amazonaws.com and the object's ARN under resources.
Remediation Steps
Follow these steps to remediate any non-compliant S3 buckets and ensure they are logging S3 data events in CloudTrail:
Configuration via AWS Management Console:
Open the CloudTrail console, choose Trails, and open the trail that should capture S3 data events (create a multi-region trail first if the account has none). In the Data events section choose Edit, select S3 as the data event type, and either choose the template that logs all S3 events (every bucket, reads and writes) or define a custom selector that lists the buckets to log, using each bucket ARN followed by / to cover every object in that bucket. Save the changes.
Configuration via AWS CLI:
S3 data events are enabled by replacing the trail's event selectors with aws cloudtrail put-event-selectors (update-trail has no option for data events). The following command logs reads and writes of every object in every S3 bucket while keeping management events enabled:
aws cloudtrail put-event-selectors --trail-name <trail_name> --event-selectors '[{"ReadWriteType":"All","IncludeManagementEvents":true,"DataResources":[{"Type":"AWS::S3::Object","Values":["arn:aws:s3"]}]}]'
Replace <trail_name> with the name of your CloudTrail trail. The value arn:aws:s3 covers all current and future buckets in the account; to log specific buckets only, list each one as arn:aws:s3:::<bucket_name>/ in Values instead. put-event-selectors overwrites the trail's existing selectors, so run aws cloudtrail get-event-selectors --trail-name <trail_name> first and carry over any data resources (for example Lambda functions or DynamoDB tables) the trail already logs. If the trail already uses advanced event selectors, pass --advanced-event-selectors instead; a trail cannot mix the two selector styles.
Verify Compliance:
After enabling the configuration, confirm the trail is compliant:
Run aws cloudtrail get-event-selectors --trail-name <trail_name> and check that the output contains a DataResources entry of Type AWS::S3::Object whose Values include arn:aws:s3 (all buckets) or arn:aws:s3:::<bucket_name>/ for each bucket in scope, with ReadWriteType set to All.
Run aws cloudtrail get-trail-status --trail-name <trail_name> and check that IsLogging is true and that no LatestDeliveryError is reported.
Perform a test object read or write against a bucket in scope and confirm that a record with eventSource s3.amazonaws.com and an eventName such as GetObject or PutObject arrives in the delivered log files; delivery typically takes a few minutes.
Repeat for Each Non-Compliant Bucket:
If you chose arn:aws:s3 (all buckets), every current and future bucket is covered and no further action is needed. If you listed buckets individually, add arn:aws:s3:::<bucket_name>/ for each remaining non-compliant bucket to the same event selector and run put-event-selectors again; because the command replaces the whole selector list, include all buckets in one call rather than issuing one call per bucket.
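The check described under Verify Compliance can be scripted instead of done by eye. The following Python is added here as an example; it is not part of the original page and not an AWS tool. It evaluates the JSON returned by aws cloudtrail get-event-selectors against a list of bucket names and reports which buckets are not fully covered, understanding both classic event selectors (DataResources) and advanced event selectors (FieldSelectors on eventCategory, resources.type, resources.ARN and readOnly). The three selector documents, the bucket names and the trail ARN embedded in it are constructed samples.

```python
"""Audit a trail's event selectors for S3 data-event coverage.

Added example, not from the original page: evaluates the JSON returned by
`aws cloudtrail get-event-selectors --trail-name <trail_name>` and reports,
per bucket, whether reads and writes of every object in the bucket are
logged. The selector documents below are constructed samples; the bucket
names and trail ARN in them are invented.
"""
import json

BOTH = frozenset({"read", "write"})
RW_TYPE = {"All": BOTH, "ReadOnly": frozenset({"read"}),
           "WriteOnly": frozenset({"write"})}
ALL_S3 = ("arn:aws:s3", "arn:aws:s3:::")  # either spelling means every bucket

# Constructed sample: classic selector logging every object in every bucket.
ALL_BUCKETS_SELECTORS = """{
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-trail",
  "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": true,
    "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]}]}]
}"""

# Constructed sample: classic selector covering a single bucket only.
ONE_BUCKET_SELECTORS = """{
  "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": true,
    "DataResources": [{"Type": "AWS::S3::Object",
                       "Values": ["arn:aws:s3:::finance-data/"]}]}]
}"""

# Constructed sample: advanced selectors logging all buckets except one.
ADVANCED_SELECTORS = """{
  "AdvancedEventSelectors": [{"Name": "S3 objects except scratch",
    "FieldSelectors": [
      {"Field": "eventCategory", "Equals": ["Data"]},
      {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
      {"Field": "resources.ARN", "NotStartsWith": ["arn:aws:s3:::scratch-tmp/"]}]}]
}"""


def _bucket_arn(bucket):
    # CloudTrail uses "<bucket ARN>/" to mean every object in the bucket.
    return f"arn:aws:s3:::{bucket}/"


def _classic_coverage(selectors, bucket):
    covered = set()
    for sel in selectors:
        for res in sel.get("DataResources", []):
            if res.get("Type") != "AWS::S3::Object":
                continue
            values = res.get("Values", [])
            if any(v in ALL_S3 for v in values) or _bucket_arn(bucket) in values:
                covered |= RW_TYPE.get(sel.get("ReadWriteType", "All"), BOTH)
    return covered


def _arn_matches(field_sel, arn):
    """Evaluate a resources.ARN field selector against the whole-bucket ARN.

    Suffix operators (EndsWith/NotEndsWith) only ever apply to a subset of
    the bucket's objects, so they never count as bucket-wide coverage.
    """
    if "Equals" in field_sel:
        return arn in field_sel["Equals"]
    if "NotEquals" in field_sel:
        return arn not in field_sel["NotEquals"]
    if "StartsWith" in field_sel:
        return any(arn.startswith(v) for v in field_sel["StartsWith"])
    if "NotStartsWith" in field_sel:
        return not any(arn.startswith(v) for v in field_sel["NotStartsWith"])
    return False


def _advanced_coverage(selectors, bucket):
    covered = set()
    for sel in selectors:
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        if fields.get("eventCategory", {}).get("Equals") != ["Data"]:
            continue
        if fields.get("resources.type", {}).get("Equals") != ["AWS::S3::Object"]:
            continue
        if "resources.ARN" in fields and not _arn_matches(
                fields["resources.ARN"], _bucket_arn(bucket)):
            continue
        read_only = fields.get("readOnly", {}).get("Equals", [])  # absent: both
        if read_only == ["true"]:
            covered.add("read")
        elif read_only == ["false"]:
            covered.add("write")
        else:
            covered |= BOTH
    return covered


def s3_data_event_coverage(selectors_json, buckets):
    """Map each bucket to the set of access types ("read"/"write") logged."""
    doc = json.loads(selectors_json)
    return {b: _classic_coverage(doc.get("EventSelectors", []), b)
            | _advanced_coverage(doc.get("AdvancedEventSelectors", []), b)
            for b in buckets}


def non_compliant_buckets(selectors_json, buckets):
    """Buckets for which reads and writes of all objects are not both logged."""
    coverage = s3_data_event_coverage(selectors_json, buckets)
    return sorted(b for b, c in coverage.items() if c != BOTH)


if __name__ == "__main__":
    buckets = ["finance-data", "public-assets", "scratch-tmp"]
    for label, doc in [("all buckets", ALL_BUCKETS_SELECTORS),
                       ("one bucket", ONE_BUCKET_SELECTORS),
                       ("advanced", ADVANCED_SELECTORS)]:
        print(label, "-> non-compliant:", non_compliant_buckets(doc, buckets))
```

To run it against a real account, save the output of aws cloudtrail get-event-selectors --trail-name <trail_name> to a file, take the bucket list from aws s3api list-buckets --query 'Buckets[].Name', and pass both to non_compliant_buckets. The result is conservative by design: a bucket counts as covered only when every object in it is logged, so prefix-scoped selectors and suffix operators are reported as gaps, and a trail that logs reads but not writes (ReadOnly, or readOnly equal to true) is reported as non-compliant.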
Following these steps will ensure that all your S3 buckets are configured to log S3 data events in CloudTrail, meeting the requirements of NIST 800-171 Revision 2.