S3 Bucket Logging Disabled

• Query id: c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d
• Query name: S3 Bucket Logging Disabled
• Platform: Ansible
• Severity: Medium
• Category: Observability
• URL: Github

Description

Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: "Create S3 bucket"
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    debug_botocore_endpoint_logs: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    debug_botocore_endpoint_logs: true