S3 Bucket Logging Disabled

  • Query id: c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d
  • Query name: S3 Bucket Logging Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Observability
  • URL: Github

Description

Server Access Logging should be enabled on S3 buckets so that requests to the bucket are logged and remain traceable during an investigation.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: "Create S3 bucket"
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    debug_botocore_endpoint_logs: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    debug_botocore_endpoint_logs: true
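As an added example (not one of the query's own test cases), the playbook below keeps the `debug_botocore_endpoint_logs: true` setting that satisfies the query and additionally enables S3 Server Access Logging itself with the `community.aws.s3_logging` module, which is where the access-log target is actually configured. The bucket names `mys3bucket` and `mys3bucket-access-logs` and the prefix `logs/` are assumptions.

```yaml
---
- name: "Create an S3 bucket with server access logging enabled (added example)"
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # Target bucket that receives the access logs. It must grant the S3 log
    # delivery service write permission, here via the log-delivery-write ACL.
    - name: "Create the access-log target bucket (assumed name)"
      amazon.aws.s3_bucket:
        name: mys3bucket-access-logs
        state: present
        acl: log-delivery-write
        debug_botocore_endpoint_logs: true

    # Source bucket; this is the task the query inspects.
    - name: "Create the application bucket"
      amazon.aws.s3_bucket:
        name: mys3bucket
        state: present
        debug_botocore_endpoint_logs: true

    # Server Access Logging is configured separately from bucket creation:
    # every request to mys3bucket is written to mys3bucket-access-logs/logs/.
    - name: "Enable server access logging on the application bucket"
      community.aws.s3_logging:
        name: mys3bucket
        target_bucket: mys3bucket-access-logs
        target_prefix: logs/
        state: present
```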