AWS-S3-Server-Access-Logging-Off

Severity : Medium

Description: This control ensures that the logging is enabled on S3 buckets. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. It is recommended that bucket access logging be enabled on the CloudTrail S3 bucket.

Remediation Steps:

Perform following to update S3 bucket access logging :

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to s3 console.

3. In the navigation pane,  select buckets.

4. Click on the bucket to be modified, click Properties.

5. On Properties page, Choose Server Access Logging and click Enable Logging.

6. Set Target Bucket to receive the log record objects. Set Target Prefix (Optional).

7. Choose save.

Important:

Reference:

• https://docs.aws.amazon.com/AmazonS3/latest/user-guide/server-access-logging.html