Rule: S3 Bucket Logging Should Be Enabled

Rule Description:

Troubleshooting Steps:

2. 1.
   Check if S3 bucket logging is enabled for all relevant buckets.
4. 2.
   Verify if appropriate permissions are granted to the necessary AWS Identity and Access Management (IAM) roles and users.
6. 3.
   Review the AWS CloudTrail logs to verify if there are any errors or issues related to S3 bucket logging.
8. 4.
   Check if there are any restrictions or blocked actions that could be affecting bucket logging.

Necessary Codes:

Step-by-Step Guide for Remediation:

2. 1.

   Sign in to the AWS Management Console using the appropriate IAM role or user credentials.

4. 2.

   Navigate to the S3 service by clicking on "Services" in the top navigation panel and searching for "S3". Click on "S3" to open the S3 dashboard.

6. 3.

   Locate the target bucket for which you want to enable logging and click on its name to open its details.

8. 4.

   Under the "Properties" tab, navigate to the "Server access logging" section.

10. 5.

    Click on "Edit" to modify the logging settings of the bucket.

12. 6.

    Enable server access logging by selecting the option "Enable logging" and providing an existing bucket that will be used to store the logs.

14. 7.

    Specify a log prefix if needed to organize the logs within the bucket.

16. 8.

    Choose the desired log file format (e.g., "Common Log Format (CLF)", "W3C Extended Format").

18. 9.

    Select the appropriate log file encryption option (e.g., SSE-S3, SSE-KMS, or none).

20. 10.

    Review the logging settings, ensuring they are correctly configured based on the requirements of NIST 800-53 Revision 5.

22. 11.

    Click on "Save changes" to enable logging for the bucket.

24. 12.

    Validate the logging configuration by confirming that the bucket now shows logging as enabled.

26. 13.

    Repeat the process for other relevant buckets to ensure compliance with the policy.