CloudWiki
Rules
Medium

Ensure S3 buckets have server access logging enabled to track access requests

Security & Compliance
Description

To enhance security and compliance auditing, it is recommended to enable the Server Access Logging feature for your Amazon S3 buckets. This feature provides detailed records of request types, requested resources, and request processing time, which can help you understand your user base and S3 billing. By default, this feature is not enabled for S3 buckets. Enabling it can assist with compliance standards such as PCI, HIPAA, GDPR, APRA, MAS, and NIST4, and can also align with the AWS Well-Architected Framework.

Remediation

To ensure that access requests made to Amazon S3 buckets are tracked, follow these remediation steps to enable Server Access Logging:

  1. Sign in to the AWS Management Console.
  2. Open the Amazon S3 console.
  3. Select the S3 bucket for which you want to enable Server Access Logging.
  4. Choose the "Properties" tab.
  5. Under the "Server access logging" section, click "Edit".
  6. Choose the "Enable logging" option.
  7. Provide the target bucket name where you want to store the access logs.
  8. Optionally, you can define a prefix for the access logs.
  9. Choose the appropriate logging permissions to grant the S3 bucket permission to write logs to the target bucket.
  10. Click "Save".

Once enabled, the Server Access Logging feature can provide useful data for security and compliance audits, as well as help you understand your user base and Amazon S3 bill.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.