AWS-CloudTrail-CloudTrail-Bucket-Access-Logging
Severity: Critical
Description: This control ensures that server access logging is enabled for the S3 bucket to which CloudTrail delivers its logs. An access log record contains details about each request, such as the request type, the resources specified in the request, and the time and date the request was processed. Directing these access logs to a separate bucket keeps the log information available for security and incident response workflows. It is recommended that bucket access logging be enabled on the CloudTrail S3 bucket.
Remediation Steps:
Perform the following to enable server access logging on the CloudTrail bucket:
Log in to the AWS Management Console at https://console.aws.amazon.com
Navigate to the S3 service.
Click on the S3 bucket reported by this control to enable server access logging on it.
Click on the Properties tab.
Choose Server access logging.
Choose Enable Logging. For Target, choose the name of the bucket that you want to receive the log record objects.
Optionally, for Target prefix, type a key name prefix for the log objects so that all log objects delivered from this bucket begin with the same string.
Choose Save.
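The same check and remediation can be scripted. The following is an added example (not part of this control text or of any Blue Hexagon tooling) that evaluates a bucket's logging configuration offline against the separate-bucket guidance above and builds the equivalent put_bucket_logging request; the bucket and trail names are constructed, and the boto3 lookup in check_trail_live is the only part that needs AWS credentials.

```python
"""Check that the CloudTrail S3 bucket has server access logging enabled and
build the remediation request (mirrors the console steps above)."""
from typing import Optional

# Constructed sample responses, shaped like s3.get_bucket_logging() output.
# AWS omits the LoggingEnabled key entirely when logging is switched off.
SAMPLE_LOGGING_OFF = {}
SAMPLE_LOGGING_ON = {
    "LoggingEnabled": {"TargetBucket": "example-access-logs",
                       "TargetPrefix": "cloudtrail-bucket/"}
}


def logging_target(bucket_logging: dict) -> Optional[dict]:
    """Return the LoggingEnabled block, or None when logging is disabled."""
    return bucket_logging.get("LoggingEnabled")


def is_compliant(trail_bucket: str, bucket_logging: dict) -> bool:
    """Compliant when logging is on AND the target is a different bucket.
    Logging a bucket to itself is treated as a finding here, following the
    control's guidance to place access logs in a separate bucket."""
    target = logging_target(bucket_logging)
    if target is None:
        return False
    return target.get("TargetBucket") not in (None, "", trail_bucket)


def remediation_request(trail_bucket: str, target_bucket: str, prefix: str = "") -> dict:
    """Arguments for s3.put_bucket_logging(**request), equivalent to the console
    'Enable Logging' step. The target bucket must be in the same Region and must
    already permit S3 log delivery writes; that setup is outside this snippet."""
    if target_bucket == trail_bucket:
        raise ValueError("target bucket must differ from the CloudTrail bucket")
    return {
        "Bucket": trail_bucket,
        "BucketLoggingStatus": {
            "LoggingEnabled": {"TargetBucket": target_bucket, "TargetPrefix": prefix}
        },
    }


def check_trail_live(trail_name: str) -> bool:
    """Look up a trail's bucket and evaluate it (requires AWS credentials)."""
    import boto3  # imported here so the offline helpers above need no SDK
    trail = boto3.client("cloudtrail").describe_trails(trailNameList=[trail_name])["trailList"][0]
    bucket = trail["S3BucketName"]
    return is_compliant(bucket, boto3.client("s3").get_bucket_logging(Bucket=bucket))
```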
Important:
Reference:
CIS reference: CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #3.6
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/server-access-logging.html
Blue Hexagon Proprietary