Severity: HighCritical
Description: This control ensures that bucket logging is enabled for S3 bucket configured with CloudTrail. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. Configuring logs to be placed in a separate bucket allows access to log information which can be useful in security and incident response workflow. It is recommended that bucket access logging be enabled on the CloudTrail S3 bucket.
...