Medium
S3
S3 general purpose buckets should have server access logging enabled
NIST, ISO 27001, HIPAA
Description
Checks if S3 bucket server access logging is enabled.
Remediation
To enable server access logging for an S3 bucket, follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon S3 console.
- In the Buckets list, choose the name of the bucket for which you want to enable server access logging.
- Choose the 'Properties' tab.
- In the 'Server access logging' section, choose 'Edit'.
- Select 'Enable' for server access logging.
- In the 'Target bucket' field, enter the name of the bucket where you want the log files to be stored. This can be the same bucket or a different one.
- Optionally, you can specify a prefix for the log files in the 'Target prefix' field.
- Choose 'Save changes'.
- Ensure that the target bucket has the necessary permissions to store the log files. If you're using a different bucket for logs, you may need to update its bucket policy or ACL to allow log delivery.
- Verify that logs are being delivered to the target bucket after enabling the feature.
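The last two steps can be checked offline from the bucket's configuration. The following is an added example, not part of the original check: it audits a `GetBucketLogging` response together with the target bucket's policy. The bucket names and sample documents are constructed, and the response and policy are assumed to have been fetched separately. It inspects only the bucket policy (not ACL grants) and ignores `Condition` blocks.

```python
from fnmatch import fnmatchcase

LOG_PRINCIPAL = "logging.s3.amazonaws.com"  # S3 log delivery service principal


def _as_list(value):
    """Policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def policy_allows_log_delivery(policy, target_bucket, prefix):
    """True if an Allow statement lets the logging service put objects under prefix."""
    sample_key_arn = f"arn:aws:s3:::{target_bucket}/{prefix}sample-log-object"
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow"
                and LOG_PRINCIPAL in services
                and any(fnmatchcase("s3:putobject", a) for a in actions)
                and any(fnmatchcase(sample_key_arn, r) for r in _as_list(stmt.get("Resource", [])))):
            return True
    return False


def audit_access_logging(source_bucket, logging_response, target_policy=None):
    """Return a list of findings; an empty list means the check passes."""
    enabled = logging_response.get("LoggingEnabled")  # key is absent when logging is off
    if not enabled:
        return ["FAIL: server access logging is not enabled"]
    findings = []
    target, prefix = enabled["TargetBucket"], enabled.get("TargetPrefix", "")
    if target == source_bucket:
        # Allowed, but every log write then produces further log records.
        findings.append("WARN: logs are delivered to the source bucket itself")
    if not policy_allows_log_delivery(target_policy or {}, target, prefix):
        findings.append("WARN: target bucket policy does not grant log delivery; check its ACL")
    return findings


# Constructed sample data, shaped like GetBucketLogging / GetBucketPolicy output.
SAMPLE_LOGGING = {"LoggingEnabled": {"TargetBucket": "example-logs", "TargetPrefix": "app/"}}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "logging.s3.amazonaws.com"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-logs/app/*"}]}

if __name__ == "__main__":
    print(audit_access_logging("example-app-data", SAMPLE_LOGGING, SAMPLE_POLICY))
    print(audit_access_logging("example-app-data", {}))
```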
Compliance
NIST, ISO 27001, HIPAA