
Rule: S3 Bucket Logging Should Be Enabled

This rule ensures that S3 bucket logging is enabled for Audit and Accountability compliance.

Rule: S3 bucket logging should be enabled
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description:

S3 bucket logging (S3 server access logging) should be enabled for compliance with NIST 800-171 Revision 2. It is an essential security measure that records the requests made to objects stored in an S3 bucket. With logging enabled, each delivered log record captures information such as the requester's source IP address, the request time, and the action performed on the S3 object. This information is crucial for forensic analysis, access control monitoring, and compliance audits.

Enabling S3 bucket logging ensures that you meet the security requirements outlined in NIST 800-171 Revision 2 to protect Controlled Unclassified Information (CUI) stored in S3 buckets.

Troubleshooting Steps:

  1. Verify the S3 bucket: Ensure that you have an existing S3 bucket where you want to enable logging. If not, create a new S3 bucket using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs.

  2. Check IAM permissions: Make sure you have sufficient IAM permissions to enable S3 bucket logging. The IAM user or role should have the necessary permissions to configure logging for the S3 bucket. Review and update the IAM policies if required.

  3. Verify Bucket ACL and Bucket Policy: Ensure that the bucket access control list (ACL) and bucket policy allow the necessary permissions for logging. The bucket ACL should grant permission to the entity (IAM user, role, or AWS account) attempting to enable logging.

  4. Check for conflicting settings: Confirm that there are no conflicting settings or policies that might prevent S3 bucket logging, for example conflicting bucket policies or settings that disable logging globally for the AWS account.

Necessary Codes:

No specific code is required for this rule. However, you may need to use the AWS Management Console, AWS CLI, or AWS SDKs to enable S3 bucket logging.

Step-by-Step Guide for Remediation:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon S3 service.
  3. Select the S3 bucket for which you want to enable logging.
  4. Click on the "Properties" tab.
  5. Scroll down to the "Server access logging" section and click on the "Edit" button.
  6. Click on the checkbox to enable logging for the bucket.
  7. Provide a target bucket where you want to store the log files. You can choose an existing bucket or create a new one.
  8. (Optional) Define a log file prefix to add a prefix or folder structure to the log files.
  9. Click on the "Save changes" button to enable S3 bucket logging.
  10. Verify that logging is enabled by checking the "Status" column in the "Server access logging" section.

Ensure that you follow the best practices for log file management, including proper security controls, retention policies, and access restrictions to protect the logged data. Regularly review and monitor the log files for any suspicious or unauthorized activities.

By enabling S3 bucket logging, you are compliant with the NIST 800-171 Revision 2 requirement to maintain logs for monitoring access to CUI stored in S3 buckets.
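The following script is an added example, not Cloud Defense's code or tooling, covering both the troubleshooting checks and the remediation steps above as an auditable, repeatable alternative to the console walkthrough. It uses the boto3 S3 client calls get_bucket_logging, put_bucket_logging, put_bucket_policy and list_buckets; the pure helper functions take the same dict shapes those calls return, so the evaluation logic can be run offline on the constructed sample responses embedded below. The bucket names, log prefix and account id are constructed placeholders. One caveat the console steps do not spell out: the target bucket must allow the S3 log delivery service (logging.s3.amazonaws.com) to write objects, otherwise logging appears enabled but no log files ever arrive; target_bucket_policy() builds that grant scoped to a single source bucket and account.

```python
"""Audit and remediate S3 server access logging.

Added example, not Cloud Defense's code. The pure helpers take the same
dict shapes that boto3's S3 client returns, so they can be exercised offline
on the constructed samples below; only audit_account() and remediate()
touch a real client. Bucket names, prefix and account id are constructed.
"""
import json
import sys

# Constructed responses in the shape get_bucket_logging() returns.
SAMPLE_ENABLED = {
    "LoggingEnabled": {
        "TargetBucket": "example-log-archive",
        "TargetPrefix": "s3-access/cui-data/",
    }
}
SAMPLE_DISABLED = {"ResponseMetadata": {"HTTPStatusCode": 200}}  # no LoggingEnabled key


def logging_status(resp):
    """Return (enabled, target_bucket, target_prefix) from a get_bucket_logging response.

    When logging is off, S3 returns a response with no LoggingEnabled element at all.
    """
    cfg = resp.get("LoggingEnabled")
    if not cfg:
        return False, None, None
    return True, cfg["TargetBucket"], cfg.get("TargetPrefix", "")


def evaluate(bucket, resp):
    """Classify one bucket: PASS (logging to another bucket), WARN (logging into
    itself, which S3 allows but which loops log writes back into the bucket),
    FAIL (logging disabled)."""
    enabled, target, prefix = logging_status(resp)
    if not enabled:
        return {"bucket": bucket, "status": "FAIL", "reason": "server access logging is disabled"}
    if target == bucket:
        return {"bucket": bucket, "status": "WARN", "reason": "logs are delivered into the source bucket itself"}
    return {"bucket": bucket, "status": "PASS", "reason": f"logging to s3://{target}/{prefix}"}


def logging_payload(target_bucket, prefix):
    """BucketLoggingStatus argument for put_bucket_logging (console steps 6-8)."""
    return {"LoggingEnabled": {"TargetBucket": target_bucket, "TargetPrefix": prefix}}


def target_bucket_policy(target_bucket, source_bucket, account_id):
    """Bucket policy that lets the S3 log delivery service write into the target
    bucket, scoped to one source bucket and account (the ACL/policy prerequisite
    from troubleshooting step 3)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "S3ServerAccessLogsPolicy",
            "Effect": "Allow",
            "Principal": {"Service": "logging.s3.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{target_bucket}/*",
            "Condition": {
                "ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{source_bucket}"},
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }


def audit_account(s3):
    """Evaluate every bucket the client can list; returns a list of findings."""
    return [evaluate(b["Name"], s3.get_bucket_logging(Bucket=b["Name"]))
            for b in s3.list_buckets()["Buckets"]]


def remediate(s3, source_bucket, target_bucket, account_id, prefix=None):
    """Grant log delivery on the target, enable logging on the source, re-read to verify.
    Note: put_bucket_policy replaces the target bucket's existing policy; merge first
    if one is already attached."""
    prefix = prefix or f"s3-access/{source_bucket}/"
    s3.put_bucket_policy(Bucket=target_bucket,
                         Policy=json.dumps(target_bucket_policy(target_bucket, source_bucket, account_id)))
    s3.put_bucket_logging(Bucket=source_bucket,
                          BucketLoggingStatus=logging_payload(target_bucket, prefix))
    return evaluate(source_bucket, s3.get_bucket_logging(Bucket=source_bucket))


if __name__ == "__main__":
    if "--live" in sys.argv:  # needs boto3 and credentials allowing s3:ListAllMyBuckets and s3:GetBucketLogging
        import boto3
        findings = audit_account(boto3.client("s3"))
    else:  # offline run over the constructed samples
        findings = [evaluate("cui-data", SAMPLE_ENABLED), evaluate("cui-exports", SAMPLE_DISABLED)]
    for f in findings:
        print(f"{f['status']:4} {f['bucket']}: {f['reason']}")
```

Run it with no arguments to see the classification over the two constructed samples, or with --live (boto3 installed, credentials configured) to audit every bucket in the account. The WARN case exists because S3 accepts the source bucket as its own logging target, which satisfies a naive "is logging enabled" check while generating log objects about its own log writes; a compliance check should flag it rather than pass it.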
