AWS-S3-S3-Bucket-Logging

Severity: High

Description: Checks for S3 buckets without access logging turned on. Access logging allows customers to view complete audit trail on sensitive workloads such as S3 buckets. It is recommended that Access logging is turned on for all S3 buckets to meet audit & compliance requirement.

Remediation Steps:

Perform the following to enable logging on s3 bucket :

1. Login to the AWS Console at https://console.aws.amazon.com and navigate to the 'S3' service.

2. Click on the the S3 bucket that was reported.

3. Click on the Properties tab.

4. Under the Server access logging section, select Enable logging.

5. Set Target Bucket to receive the log record objects. Set Target Prefix (Optional).

6. Choose save.

Importent :

Reference:

• https://docs.aws.amazon.com/AmazonS3/latest/user-guide/server-access-logging.html