Aqua CSPM

CloudTrail Bucket Access Logging

Quick Info

Plugin Title: CloudTrail Bucket Access Logging
Cloud: AWS
Category: CloudTrail
Description: Ensures the CloudTrail logging bucket has access logging enabled to detect tampering of log files
More Info: CloudTrail buckets should utilize access logging for an additional layer of auditing. If the log files are deleted or modified in any way, the additional access logs can help determine who made the changes.
AWS Link: http://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html
Recommended Action: Enable access logging on the CloudTrail bucket from the S3 console

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for “CloudTrail”.
  3. In the “Dashboard” panel click on “View trails” button.
  4. Under the “Name” column, select the trail that needs to be verified.
  5. Scroll down to the “Storage location” section and note the S3 bucket used to store the log data.
  6. Go to “Services” and search for “S3” to open the S3 buckets dashboard.
  7. Select the S3 bucket used to store the CloudTrail log data.
  8. Click the “Properties” tab to open the bucket's configuration options.
  9. Under “Server Access Logging”, check whether the “Enabled” checkbox is selected. If the “Disable Logging” checkbox is selected instead, access logging is not enabled for the selected CloudTrail bucket.
  10. Select the “Enabled” checkbox and specify the “Target bucket” that will store the access log files. Provide a “Prefix” that S3 will assign to all log object keys. Review and save the changes.
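The check the steps above perform by hand, as an added example that is not the plugin's own code: it evaluates each trail's bucket against the response shapes of boto3's describe_trails() and get_bucket_logging(), using constructed sample responses (placeholder bucket and trail names) so it runs offline.

```python
# Added example, not the Aqua CSPM/CloudSploit plugin's own code. It evaluates the
# same condition as the plugin: each trail's S3 bucket must have server access
# logging on. Inputs mirror the shapes boto3 returns from describe_trails()
# ['trailList'] and get_bucket_logging(); all sample data below is constructed.
from typing import Dict, List, Optional

# Constructed sample API responses (placeholder names, not real accounts).
TRAIL_LIST: List[Dict] = [
    {"Name": "management-trail", "S3BucketName": "ct-logs-example"},
    {"Name": "org-trail", "S3BucketName": "ct-org-example"},
    {"Name": "loop-trail", "S3BucketName": "ct-loop-example"},
    {"Name": "unconfigured-trail"},  # no S3BucketName at all
]

BUCKET_LOGGING: Dict[str, Dict] = {
    # Logging on, delivered to a separate bucket: the configuration the page recommends.
    "ct-logs-example": {"LoggingEnabled": {"TargetBucket": "s3-access-logs-example",
                                           "TargetPrefix": "cloudtrail/"}},
    # get_bucket_logging() returns no "LoggingEnabled" key when logging is disabled.
    "ct-org-example": {},
    # Logging on, but the target is the bucket itself: flagged rather than accepted.
    "ct-loop-example": {"LoggingEnabled": {"TargetBucket": "ct-loop-example",
                                           "TargetPrefix": ""}},
}

def evaluate_trail(trail: Dict, bucket_logging: Dict[str, Dict]) -> Dict[str, str]:
    """Return a CloudSploit-style finding: status OK, WARN or FAIL plus a message."""
    name = trail.get("Name", "<unnamed>")
    bucket: Optional[str] = trail.get("S3BucketName")
    if not bucket:
        return {"trail": name, "status": "FAIL", "message": "trail has no S3 bucket configured"}
    cfg = bucket_logging.get(bucket)
    if cfg is None:
        return {"trail": name, "status": "FAIL", "message": f"bucket {bucket} not found or not readable"}
    enabled = cfg.get("LoggingEnabled")
    if not enabled:
        return {"trail": name, "status": "FAIL", "message": f"access logging disabled on {bucket}"}
    target = enabled.get("TargetBucket")
    if target == bucket:
        return {"trail": name, "status": "WARN", "message": f"{bucket} logs access to itself"}
    return {"trail": name, "status": "OK", "message": f"{bucket} logs access to {target}"}

def evaluate_all(trails: List[Dict], bucket_logging: Dict[str, Dict]) -> List[Dict[str, str]]:
    return [evaluate_trail(t, bucket_logging) for t in trails]

if __name__ == "__main__":
    for finding in evaluate_all(TRAIL_LIST, BUCKET_LOGGING):
        print(f"{finding['status']:4} {finding['trail']}: {finding['message']}")
```

Against live data, replace the two constructed dicts with the results of describe_trails() and one get_bucket_logging() call per distinct bucket.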