S3 Bucket Logging Disabled
- Query id: c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d
- Query name: S3 Bucket Logging Disabled
- Platform: Ansible
- Severity: Medium
- Category: Observability
- URL: Github
Description¶
Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: "Create S3 bucket"
amazon.aws.s3_bucket:
name: mys3bucket
state: present
debug_botocore_endpoint_logs: false