Rule: S3 Bucket Logging Should Be Enabled

This rule requires server access logging to be enabled on S3 buckets so that requests made to each bucket are recorded and available for audit.

Rule: S3 bucket logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description:

S3 server access logging records each request made to a bucket (requester, operation, key, response status and error code, among other fields) and delivers those records to a target bucket. Enabling it supports the audit and accountability requirements of NIST 800-53 Revision 5: it lets you track access, identify unauthorized activity and preserve an audit trail. This rule flags any bucket that does not have logging enabled. Note that delivery is best effort and can lag by hours, so for object-level auditing that must be timely or complete, pair server access logging with CloudTrail data events rather than relying on it alone.

Troubleshooting Steps (if any):

  1. Verify that the IAM principal used has permission to read and change the bucket's logging configuration (s3:GetBucketLogging and s3:PutBucketLogging on the source bucket) and to update the target bucket's policy (s3:PutBucketPolicy).
  2. Check whether a bucket policy or service control policy denies logging configuration changes.
  3. Confirm that the target bucket is in the same AWS Region and account as the source bucket and that its bucket policy allows the S3 log delivery service (logging.s3.amazonaws.com) to write objects under the chosen prefix; without that grant the logging configuration is rejected.
  4. If the bucket is the destination of an active AWS CloudTrail trail, treat the change as a modification to a live logging destination: schedule it, and point server access logging at a separate target bucket so trail records and access logs are not mixed.
  5. Verify whether the bucket already has logging enabled but the configuration is incomplete, for example a target bucket that no longer exists or a prefix that does not match the target bucket's policy.
  6. Check whether logging was deliberately disabled by the template or automation that manages the bucket; if so, fix it there, or the change will be reverted on the next deployment.

Necessary Code (if any):

No application code changes are required. Remediation is a bucket configuration change, made in the AWS Management Console or with AWS Command Line Interface (CLI) commands.

Step-by-Step Guide for Remediation:

  1. Open the AWS Management Console and navigate to the S3 service.
  2. Select the bucket for which logging needs to be enabled.
  3. Open the "Properties" tab and find "Server access logging."
  4. Click "Edit" to modify the logging configuration.
  5. Enable server access logging by checking the box next to "Enable log delivery for this bucket."
  6. Specify the target bucket where the logs should be stored. It must be in the same Region and account as the source bucket and must grant the S3 log delivery service permission to write to it. AWS allows a bucket to log to itself, but avoid that: each log delivery then generates further log records about the log writes, so use a dedicated logging bucket instead.
  7. Configure the log prefix if required. A prefix (for example the source bucket name followed by a slash) keeps logs from several source buckets separate within one target bucket.
  8. Click "Save changes" to enable S3 bucket logging.

Alternatively, you can use AWS CLI to enable S3 bucket logging. Execute the following CLI command:

aws s3api put-bucket-logging --bucket <bucket-name> --logging-configuration '{"LoggingEnabled":{"TargetBucket":"<target-bucket-name>","TargetPrefix":"<log-prefix>"}}'

Replace <bucket-name> with the name of the bucket you want to enable logging for, <target-bucket-name> with the name of the bucket where the logs should be stored, and <log-prefix> with the desired prefix for the logs. The call is rejected if the target bucket does not already permit the S3 log delivery service to write to it, so apply the target bucket policy first. Confirm the result with aws s3api get-bucket-logging --bucket <bucket-name>, which prints the LoggingEnabled block when logging is on and nothing when it is off.
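The same procedure in code, as an added example that is not Cloud Defense's own tooling: it classifies each bucket's get-bucket-logging response (disabled, logging to itself, or enabled), grants the S3 log delivery service write access on the target bucket without overwriting the policy statements already there, and then issues the same logging configuration the CLI command above sends. The bucket names, prefix and account ID are placeholders, and the FakeS3 class is a constructed stand-in for boto3.client("s3") so the file runs offline.

```python
"""Check S3 server access logging and enable it where it is off. Added example, not
Cloud Defense code; names are placeholders and FakeS3 stands in for boto3.client("s3")."""
import json

LOG_DELIVERY_SERVICE = "logging.s3.amazonaws.com"


def logging_status(source_bucket, response):
    """Classify a get-bucket-logging response: "disabled" (no LoggingEnabled block; the
    CLI prints nothing), "self-target" (bucket logs to itself, which AWS allows but which
    generates log records about the log writes) or "enabled"."""
    target = (response.get("LoggingEnabled") or {}).get("TargetBucket")
    if not target:
        return "disabled"
    return "self-target" if target == source_bucket else "enabled"


def logging_configuration(target_bucket, prefix):
    """The document passed as --logging-configuration / BucketLoggingStatus."""
    return {"LoggingEnabled": {"TargetBucket": target_bucket, "TargetPrefix": prefix}}


def log_delivery_statement(target_bucket, prefix, source_bucket, account_id):
    """Statement for the *target* bucket's policy: lets the S3 log delivery
    service write under the prefix, scoped to one source bucket and account."""
    sid = "S3ServerAccessLogs" + "".join(c for c in source_bucket if c.isalnum())
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": LOG_DELIVERY_SERVICE},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{target_bucket}/{prefix}*",
        "Condition": {
            "ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{source_bucket}"},
            "StringEquals": {"aws:SourceAccount": account_id},
        },
    }


def grant_log_delivery(s3, target_bucket, prefix, source_bucket, account_id):
    """Merge the statement into the target bucket's existing policy; put_bucket_policy
    replaces the whole document, so never overwrite grants others depend on."""
    try:
        policy = json.loads(s3.get_bucket_policy(Bucket=target_bucket)["Policy"])
    except s3.exceptions.ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        policy = {"Version": "2012-10-17", "Statement": []}
    new = log_delivery_statement(target_bucket, prefix, source_bucket, account_id)
    if new not in policy["Statement"]:
        # Replace a stale statement with the same Sid rather than duplicating it.
        kept = [s for s in policy["Statement"] if s.get("Sid") != new["Sid"]]
        policy["Statement"] = kept + [new]
        s3.put_bucket_policy(Bucket=target_bucket, Policy=json.dumps(policy))
    return policy


def remediate(s3, source_bucket, target_bucket, prefix, account_id):
    """Enable logging on source_bucket if disabled; return the status found first.
    Target must be in the same Region and account as the source (not checked here)."""
    status = logging_status(source_bucket, s3.get_bucket_logging(Bucket=source_bucket))
    if status == "disabled":
        grant_log_delivery(s3, target_bucket, prefix, source_bucket, account_id)
        s3.put_bucket_logging(Bucket=source_bucket,
                              BucketLoggingStatus=logging_configuration(target_bucket, prefix))
    return status


class FakeS3:
    """Constructed offline stand-in for the boto3 S3 client calls used above."""
    class exceptions:
        class ClientError(Exception):
            def __init__(self, code):
                super().__init__(code)
                self.response = {"Error": {"Code": code}}

    def __init__(self, logging_cfg=None, policies=None):
        self.logging_cfg = logging_cfg or {}  # bucket -> get_bucket_logging response
        self.policies = policies or {}        # bucket -> policy JSON string

    def get_bucket_logging(self, Bucket):
        return self.logging_cfg.get(Bucket, {})

    def put_bucket_logging(self, Bucket, BucketLoggingStatus):
        self.logging_cfg[Bucket] = BucketLoggingStatus

    def get_bucket_policy(self, Bucket):
        if Bucket not in self.policies:
            raise self.exceptions.ClientError("NoSuchBucketPolicy")
        return {"Policy": self.policies[Bucket]}

    def put_bucket_policy(self, Bucket, Policy):
        self.policies[Bucket] = Policy


if __name__ == "__main__":  # swap FakeS3 for boto3.client("s3") against a real account
    s3 = FakeS3(logging_cfg={"app-data-b": logging_configuration("app-data-b", "")})
    for bucket in ("app-data-a", "app-data-b"):
        print(bucket, remediate(s3, bucket, "central-access-logs", f"{bucket}/", "123456789012"))
```

Running it as written reports app-data-a as "disabled" (and enables it) and app-data-b as "self-target", which the rule counts as enabled but which is worth fixing separately by repointing it at the central logging bucket. The grant is scoped with aws:SourceArn and aws:SourceAccount so the logging service can only write on behalf of the named source bucket, and the policy merge is keyed on the Sid so re-running the script after changing a prefix updates the statement rather than appending a duplicate.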

By following these steps, the S3 bucket logging will be enabled, ensuring compliance with NIST 800-53 Revision 5.
