Low CloudTrail Regional

Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket

CIS, NIST

Description

S3 bucket access logging generates a log that contains access records for each request made to your S3 bucket.


Remediation

To comply with this control, you must enable access logging for the S3 bucket used by CloudTrail. This provides detailed records of the requests made to the bucket, which supports security review and compliance audits.

Steps

  1. Sign in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3/.
  2. In the S3 console, find and select the S3 bucket used by CloudTrail.
  3. Click on the 'Properties' tab for the selected bucket.
  4. In the 'Properties' section, scroll down to the 'Server access logging' section.
  5. Click on 'Edit' in the 'Server access logging' section.
  6. In the edit screen, select 'Enable' for server access logging.
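  7. Specify a target bucket where the access logs will be stored. This can be the same bucket or a different one; the target must be in the same Region as the CloudTrail bucket, and a separate bucket keeps access logs from being mixed in with the trail's log files.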
  8. Optionally, set a prefix for the log files to help organize and identify them easily.
  9. Click on 'Save changes' to enable access logging.
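
The same check and fix through the API, as an added example that is not part of the original page: it lists the bucket each trail delivers to, reports whether server access logging is on, and enables it where it is off. The method names are the real boto3 CloudTrail and S3 client calls; the Fake* classes, bucket names and prefixes are constructed so the block runs offline.

```python
# Audit (and optionally fix) S3 server access logging on CloudTrail buckets.


def audit_trail_buckets(cloudtrail, s3):
    """Return {trail bucket: access-log target bucket, or None if logging is off}."""
    results = {}
    for trail in cloudtrail.describe_trails()["trailList"]:
        bucket = trail.get("S3BucketName")
        if not bucket or bucket in results:
            continue  # several trails can share one bucket
        # get_bucket_logging omits the "LoggingEnabled" key when logging is off.
        cfg = s3.get_bucket_logging(Bucket=bucket).get("LoggingEnabled")
        results[bucket] = cfg["TargetBucket"] if cfg else None
    return results


def enable_access_logging(s3, bucket, target_bucket, prefix=""):
    """Steps 5-9 of the console procedure as a single API call."""
    s3.put_bucket_logging(
        Bucket=bucket,
        BucketLoggingStatus={"LoggingEnabled": {"TargetBucket": target_bucket,
                                                "TargetPrefix": prefix}},
    )


class FakeCloudTrail:  # constructed stand-in for boto3.client("cloudtrail")
    def describe_trails(self):
        return {"trailList": [
            {"Name": "org-trail", "S3BucketName": "example-trail-logs"},
            {"Name": "dev-trail", "S3BucketName": "example-dev-trail"}]}


class FakeS3:  # constructed stand-in for boto3.client("s3")
    def __init__(self):
        self.logging = {"example-trail-logs": {"TargetBucket": "example-access-logs",
                                               "TargetPrefix": "cloudtrail/"}}

    def get_bucket_logging(self, Bucket):
        cfg = self.logging.get(Bucket)
        return {"LoggingEnabled": cfg} if cfg else {}

    def put_bucket_logging(self, Bucket, BucketLoggingStatus):
        self.logging[Bucket] = BucketLoggingStatus["LoggingEnabled"]


if __name__ == "__main__":
    ct, s3 = FakeCloudTrail(), FakeS3()
    for bucket, target in audit_trail_buckets(ct, s3).items():
        print(f"{bucket}: {'PASS -> ' + target if target else 'FAIL (logging disabled)'}")
```

Against a real account, pass `boto3.client("cloudtrail")` and `boto3.client("s3")` instead of the fakes. The target bucket's policy must allow the `logging.s3.amazonaws.com` service principal to write objects, or no logs will be delivered.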

Compliance

CIS, NIST