
Rule: All S3 Buckets Should Log S3 Data Events in CloudTrail

This rule ensures that all S3 buckets are logging S3 data events in CloudTrail.

Rule: All S3 buckets should log S3 data events in CloudTrail
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

Every S3 bucket should have its object-level activity (data events such as GetObject, PutObject and DeleteObject) recorded by a CloudTrail trail. Data events are configured on a trail through event selectors, not on the bucket itself, and they are off by default: a trail that logs only the default management events records bucket-level calls such as CreateBucket or PutBucketPolicy but not reads and writes of objects. Data events are also billed separately from management events, so enabling them for every bucket is a cost to plan for. Logging them supports the audit and accountability requirements of the NIST 800-53 Revision 5 security standard.

Troubleshooting Steps:

If S3 data events for a bucket are not showing up in CloudTrail, work through the following to bring the bucket into compliance with the rule:

  1. Confirm that the account has at least one trail and that logging is turned on for it (DescribeTrails and GetTrailStatus). Object-level S3 calls such as GetObject, PutObject and DeleteObject are data events; a trail that logs only the default management events never records them, however many buckets exist.

  2. Check the trail's event selectors (GetEventSelectors). The bucket is covered only if a data resource of type AWS::S3::Object names it (arn:aws:s3:::<bucket-name>/, with the trailing slash) or selects every bucket in the account (arn:aws:s3), or an advanced event selector with resources.type AWS::S3::Object has no resources.ARN condition that leaves the bucket out. A ReadWriteType of ReadOnly or WriteOnly, or a readOnly field selector, records only half of the bucket's activity and does not satisfy the rule.

  3. Check the trail's scope. A single-region trail logs data events only for buckets in its home region; buckets in other regions need a multi-region trail, and buckets in other accounts of an AWS Organization need an organization trail or a trail of their own.

  4. Check the destination. CloudTrail delivers to the trail's log bucket, whose bucket policy must allow the cloudtrail.amazonaws.com service principal s3:GetBucketAcl on the bucket and s3:PutObject on the log prefix. The CloudTrail console writes this policy for you; a hand-written or later-tightened policy that lacks it stops delivery, and GetTrailStatus then reports the failure in LatestDeliveryError.

  5. Review the delivered log files. After a test read or write of an object in the bucket, an event with eventSource s3.amazonaws.com and the bucket name in requestParameters should arrive within a few minutes; a CloudTrail Lake or Athena query is easier than reading the gzipped files directly.

  6. If the bucket is still uncovered, look for a later PutEventSelectors call that overwrote the selectors (each call replaces the trail's whole selector set rather than adding to it) and for advanced selectors that exclude the bucket with a resources.ARN NotStartsWith condition. One exclusion is deliberate and worth keeping: the trail's own log bucket. Logging data events for the bucket that receives the trail's files makes every delivered log file generate further data events, which inflates volume and cost.

Necessary Code:

The following AWS CLI command configures an existing trail to log management events plus S3 data events for every bucket in the account. (S3 server access logging, enabled with s3api put-bucket-logging, is a separate S3 feature delivered by S3 itself and does not satisfy this rule.)

aws cloudtrail put-event-selectors --trail-name <trail-name> --advanced-event-selectors '[{"Name":"Management events","FieldSelectors":[{"Field":"eventCategory","Equals":["Management"]}]},{"Name":"Log all S3 data events","FieldSelectors":[{"Field":"eventCategory","Equals":["Data"]},{"Field":"resources.type","Equals":["AWS::S3::Object"]}]}]'

Verify the result with:

aws cloudtrail get-event-selectors --trail-name <trail-name>

Replace <trail-name> with the name or ARN of the trail; to cover buckets in every region it must be a multi-region trail. PutEventSelectors replaces the trail's existing selectors rather than adding to them, and with advanced event selectors a trail logs only what the selectors name, which is why the management-event selector is included above. To log a single bucket instead of the whole account, add {"Field":"resources.ARN","StartsWith":["arn:aws:s3:::<bucket-name>/"]} to the data selector; to keep the trail's own log bucket out of the data events, use a NotStartsWith condition with that bucket's ARN instead.
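The checks in troubleshooting steps 2 and 6 can be automated. The Python below is an added example (not code from the original page and not Cloud Defense's checker): it takes the JSON that aws cloudtrail get-event-selectors returns for each trail and the bucket names from aws s3api list-buckets, and reports which buckets no trail logs in full. It understands both the classic and the advanced selector form, read-only and write-only selectors, key-prefix restrictions and NotStartsWith exclusions, and it builds the same advanced selectors the CLI command above sends. The trail names, account ID, bucket names and selector documents are constructed for the example.

```python
"""Report S3 buckets whose data events no CloudTrail trail logs in full.

Added example, not code from the original page or from Cloud Defense. The
selector documents and bucket names below are constructed to mirror the JSON
returned by `aws cloudtrail get-event-selectors` and `aws s3api list-buckets`.
"""
import json

S3_OBJECT = "AWS::S3::Object"
# Classic-selector values that mean "every object in every bucket in the account".
ALL_BUCKETS = ("arn:aws:s3", "arn:aws:s3:::")


def bucket_arn(name: str) -> str:
    return f"arn:aws:s3:::{name}"


def _classic_covers(selector: dict, arn: str) -> bool:
    """True if one EventSelectors entry logs reads and writes of every object in `arn`."""
    if selector.get("ReadWriteType", "All") != "All":
        return False  # ReadOnly / WriteOnly is not "all data events"
    for res in selector.get("DataResources", []):
        if res.get("Type") != S3_OBJECT:
            continue
        for value in res.get("Values", []):
            # "arn:aws:s3:::bucket/" selects the whole bucket; anything longer is a
            # key-prefix restriction that leaves the rest of the bucket unlogged.
            if value in ALL_BUCKETS or value in (arn, arn + "/"):
                return True
    return False


def _advanced_covers(selector: dict, arn: str) -> bool:
    """True if one AdvancedEventSelectors entry logs all data events of every object in `arn`."""
    fields = {f["Field"]: f for f in selector.get("FieldSelectors", [])}
    if fields.get("eventCategory", {}).get("Equals") != ["Data"]:
        return False
    if fields.get("resources.type", {}).get("Equals") != [S3_OBJECT]:
        return False
    if "readOnly" in fields or "eventName" in fields:
        return False  # filtered to a subset of operations
    arn_field = fields.get("resources.ARN")
    if arn_field is None:
        return True  # no ARN filter: every bucket in the account
    objects = arn + "/"  # every object ARN in this bucket starts with this
    if any(objects.startswith(v) for v in arn_field.get("NotStartsWith", [])):
        return False  # the bucket is explicitly excluded
    if not set(arn_field) <= {"Field", "StartsWith", "NotStartsWith"}:
        return False  # Equals/NotEquals/EndsWith/NotEndsWith carve out objects or key suffixes
    if "StartsWith" in arn_field:
        return any(objects.startswith(v) for v in arn_field["StartsWith"])
    return True  # only exclusions were given and none of them hit this bucket


def trail_covers_bucket(selectors_doc: dict, bucket: str) -> bool:
    """True if the trail described by a get-event-selectors response logs all data events of `bucket`."""
    arn = bucket_arn(bucket)
    return any(_classic_covers(s, arn) for s in selectors_doc.get("EventSelectors", [])) or any(
        _advanced_covers(s, arn) for s in selectors_doc.get("AdvancedEventSelectors", []))


def uncovered_buckets(selector_docs: list, buckets: list) -> list:
    """Buckets whose data events none of the trails logs in full (empty list means compliant)."""
    return [b for b in buckets if not any(trail_covers_bucket(d, b) for d in selector_docs)]


def compliant_selectors() -> dict:
    """Selectors that log management events plus every S3 data event in the account.

    The list under "AdvancedEventSelectors" is the value to pass to
    aws cloudtrail put-event-selectors --advanced-event-selectors.
    """
    return {"AdvancedEventSelectors": [
        {"Name": "Management events",
         "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Management"]}]},
        {"Name": "Log all S3 data events",
         "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Data"]},
                            {"Field": "resources.type", "Equals": [S3_OBJECT]}]},
    ]}


# Constructed sample input: two trails that each look reasonable on their own.
TRAIL_UPLOADS = {  # classic selector scoped to a single bucket
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/uploads-trail",
    "EventSelectors": [{
        "ReadWriteType": "All", "IncludeManagementEvents": True,
        "DataResources": [{"Type": S3_OBJECT, "Values": ["arn:aws:s3:::app-uploads/"]}],
    }],
}
TRAIL_READS = {  # advanced selector for every bucket, but reads only
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/reads-trail",
    "AdvancedEventSelectors": [{
        "Name": "S3 reads",
        "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Data"]},
                           {"Field": "resources.type", "Equals": [S3_OBJECT]},
                           {"Field": "readOnly", "Equals": ["true"]}],
    }],
}
BUCKETS = ["app-uploads", "app-logs", "finance-exports"]  # constructed list-buckets result

if __name__ == "__main__":
    print("not fully logged:", uncovered_buckets([TRAIL_UPLOADS, TRAIL_READS], BUCKETS))
    print("remediation:", json.dumps(compliant_selectors()["AdvancedEventSelectors"]))
```

Run against the sample, the script reports app-logs and finance-exports as not fully logged: the first trail only names app-uploads, and the second covers every bucket but only for reads. Adding the selectors from compliant_selectors() to any active multi-region trail empties the list. The evaluation is deliberately conservative, so a selector using Equals or EndsWith on resources.ARN is never counted as covering a whole bucket.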

Step-by-Step Guide for Remediation:

Follow these steps to bring a non-compliant bucket into compliance by logging its S3 data events on a trail from the AWS Management Console:

  1. Log in to the AWS Management Console.

  2. Open the S3 service, select the non-compliant bucket and open its "Properties" tab. The "AWS CloudTrail data events" section shows whether a trail already logs data events for this bucket, and "Configure in CloudTrail" takes you to the CloudTrail console. Do not confuse this with "Server access logging" on the same tab, which is a separate S3 feature and does not satisfy this rule.

  3. In the CloudTrail console, open "Trails" and choose an existing trail, or create one. To cover buckets in every region the trail must be a multi-region trail, and its logging must be on.

  4. In the trail's "Data events" section choose "Edit", select "S3" as the data event type and the "Log all events" template, which records every read and write of every object in every bucket in the account. The "Custom" template lets you restrict by bucket ARN; a custom selector that covers only some buckets leaves the rule unsatisfied for the others.

  5. Save the changes. If you created a new trail, the console also creates the destination log bucket and the bucket policy that lets cloudtrail.amazonaws.com write to it; if you pointed the trail at an existing bucket, check that its policy grants that access.

  6. Validate the result: the bucket's "AWS CloudTrail data events" panel in S3 should now list the trail, GetEventSelectors on the trail should show a data selector of type AWS::S3::Object with no ARN restriction, and after a test GetObject or PutObject against the bucket the matching event (eventSource s3.amazonaws.com) should appear in the delivered log files within a few minutes.

By following these steps, the bucket's object-level activity is recorded by CloudTrail and the account satisfies this NIST 800-53 Revision 5 rule.
