AWS Access logging not enabled on S3 buckets

Description

Checks for S3 buckets without access logging turned on. Access logging allows customers to view complete audit trail on sensitive workloads such as S3 buckets. It is recommended that Access logging is turned on for all S3 buckets to meet audit & compliance requirement

Code Example

+ resource "aws_s3_bucket_logging" "example" {
+   bucket = aws_s3_bucket.example.id
+ 
+   target_bucket = aws_s3_bucket.log_bucket.id
+   target_prefix = "log/"
+ }

Remediation

Terraform

Resource: aws_s3_bucket, aws_s3_bucket_logging

Rule Details

Field	Value
ID	IAC-0072
Severity	INFO
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_18

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS Access logging not enabled on S3 buckets

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS Access logging not enabled on S3 buckets ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS Access logging not enabled on S3 buckets

Description

Code Example

Remediation

Rule Details

References