
AWS MQBroker audit logging is disabled

Description

This policy ensures that Amazon MQ brokers have audit logging enabled. On ActiveMQ brokers, the audit log records user-management actions performed through JMX or the ActiveMQ Web Console, which gives you visibility into security-relevant administrative changes and supports compliance requirements. The policy checks whether the `logs` block of the `aws_mq_broker` resource sets `audit` to `true`. Audit logging is only available for the ActiveMQ engine; brokers with an `engine_type` of `RabbitMQ` do not support it and are therefore not flagged.

Code Example

```hcl
resource "aws_mq_broker" "example" {
  # ... other broker attributes (engine_type, engine_version, ...)
  logs {
    audit = true
  }
  # ...
}
```

Remediation

Terraform

To fix this issue, set `audit = true` inside the `logs` block of the `aws_mq_broker` resource. Brokers with `engine_type = "RabbitMQ"` are exempt, because audit logging is only available for ActiveMQ.

Example:
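Both the check described above and this remediation, as an added worked example that is not part of the original page and is not Checkov's own implementation: a small Python checker that evaluates the policy over `aws_mq_broker` resources written in Terraform's JSON syntax (`.tf.json`). The sample document is constructed for the example and contains a broker with no `logs` block, one with `audit = false`, one with `audit = true`, and a RabbitMQ broker without audit logging; only the last two pass.

```python
import json

# Constructed Terraform JSON (.tf.json) document for this example: four
# aws_mq_broker resources covering the cases the policy distinguishes.
# In JSON syntax a nested block such as `logs { ... }` may be written as
# an object or as a list of objects; both forms appear here on purpose.
SAMPLE_TF_JSON = json.dumps({
    "resource": {
        "aws_mq_broker": {
            # ActiveMQ broker with no logs block at all -> FAIL
            "missing_logs": {
                "broker_name": "missing_logs",
                "engine_type": "ActiveMQ",
            },
            # ActiveMQ broker that enables general but not audit logs -> FAIL
            "audit_false": {
                "broker_name": "audit_false",
                "engine_type": "ActiveMQ",
                "logs": {"general": True, "audit": False},
            },
            # ActiveMQ broker with audit logging enabled -> PASS
            "audit_enabled": {
                "broker_name": "audit_enabled",
                "engine_type": "ActiveMQ",
                "logs": [{"general": True, "audit": True}],
            },
            # RabbitMQ does not support audit logging -> exempt, PASS
            "rabbit": {
                "broker_name": "rabbit",
                "engine_type": "RabbitMQ",
                "logs": {"general": True},
            },
        }
    }
})


def _as_block(value):
    """Return the single instance of a nested block, or None.

    Terraform JSON syntax allows a block either as an object or as a list
    of objects; `aws_mq_broker` permits at most one `logs` block.
    """
    if isinstance(value, list):
        return value[0] if value else None
    return value if isinstance(value, dict) else None


def audit_logging_enabled(broker: dict) -> bool:
    """Evaluate one aws_mq_broker resource body against the policy.

    - engine_type RabbitMQ: audit logging is unsupported, so the resource
      passes regardless of its logs block;
    - any other engine (ActiveMQ): logs.audit must be true.
    """
    if str(broker.get("engine_type", "")).lower() == "rabbitmq":
        return True
    logs = _as_block(broker.get("logs"))
    if logs is None:
        return False
    audit = logs.get("audit")
    # Terraform coerces the string "true" to a bool for this attribute,
    # so accept both spellings; anything else (missing, false) fails.
    return audit is True or audit == "true"


def check_tf_json(document: str) -> dict:
    """Run the policy over every aws_mq_broker in a .tf.json document.

    Returns a mapping of resource address -> True (pass) / False (fail).
    """
    doc = json.loads(document)
    brokers = doc.get("resource", {}).get("aws_mq_broker", {})
    return {
        f"aws_mq_broker.{name}": audit_logging_enabled(body)
        for name, body in brokers.items()
    }


if __name__ == "__main__":
    for address, passed in check_tf_json(SAMPLE_TF_JSON).items():
        print(f"{address}: {'PASSED' if passed else 'FAILED'}")
```

The checker treats a missing `engine_type` as a non-RabbitMQ broker and still requires `audit = true`, which is the conservative choice for a misconfiguration rule; an empty `logs` list is treated the same as an absent block.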

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0245 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_197 |
