
Insufficient Logging in AWS


Many AWS services, including S3, CloudTrail, CloudWatch, and others, provide logging capabilities that can be used to monitor for and detect security incidents. However, not all of this logging is enabled by default: where it is not, the user must explicitly enable and configure it.

S3 Bucket Logging

S3 buckets can be configured to log all requests made to them by enabling server access logging on the bucket. Every request is then recorded in log files delivered to a target bucket, where they can be analyzed to detect security incidents.

```hcl
# Destination bucket for the access logs. The original snippet references
# aws_s3_bucket.logs without defining it; this minimal definition is assumed here.
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
}

resource "aws_s3_bucket" "example" {
  bucket = "example"
  acl    = "private"

  # Enable server access logging: every request to "example" is recorded
  # in log files written to the "logs" bucket under the "log/" prefix.
  # Note: in AWS provider v4 and later the inline logging block and the acl
  # argument are deprecated in favour of the aws_s3_bucket_logging and
  # aws_s3_bucket_acl resources.
  logging {
    target_bucket = aws_s3_bucket.logs.bucket
    target_prefix = "log/"
  }
}
```
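Once server access logging is enabled, the delivered log files are plain text records that a defender has to parse before they are useful for detection. The following Python script is an added example, not code from the SecureFlag page: it parses records in the S3 server access log format (field order taken from the first 18 documented fields) and flags two patterns worth reviewing, a successful request from an unauthenticated requester and repeated AccessDenied responses from one source address. The sample records, the bucket name, the placeholder owner id and the denial threshold are constructed for this example.

```python
"""Parse S3 server access log records and flag requests worth investigating.

Added example, not code from the SecureFlag page. The field order follows the
first 18 fields of the documented S3 server access log format; the sample
records, the bucket name and the alert threshold are constructed assumptions.
"""
import re
from collections import Counter

# First 18 fields of an S3 server access log record, in order. Records may carry
# further fields (host id, signature version, TLS version, ...); those are kept
# untouched in record["extra"].
FIELDS = [
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
    "operation", "key", "request_uri", "http_status", "error_code",
    "bytes_sent", "object_size", "total_time", "turn_around_time",
    "referrer", "user_agent", "version_id",
]

# A field is either "quoted" (may contain spaces, e.g. the request URI),
# [bracketed] (the timestamp contains a space before the UTC offset), or a
# bare run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\[[^\]]*\]|\S+')

# Constructed sample records (placeholder owner id, documentation IP ranges).
SAMPLE_LOG = """\
OWNER-ID-PLACEHOLDER example [10/Mar/2024:12:00:01 +0000] 192.0.2.10 arn:aws:iam::123456789012:user/alice R1 REST.GET.OBJECT docs/a.txt "GET /example/docs/a.txt HTTP/1.1" 200 - 512 512 12 10 "-" "aws-cli/2.15.0" -
OWNER-ID-PLACEHOLDER example [10/Mar/2024:12:00:02 +0000] 198.51.100.7 - R2 REST.GET.OBJECT backup/db.sql "GET /example/backup/db.sql HTTP/1.1" 200 - 2048 2048 15 12 "-" "curl/8.4.0" -
OWNER-ID-PLACEHOLDER example [10/Mar/2024:12:00:03 +0000] 203.0.113.5 - R3 REST.GET.OBJECT .env "GET /example/.env HTTP/1.1" 403 AccessDenied - - 5 - "-" "python-requests/2.31.0" -
OWNER-ID-PLACEHOLDER example [10/Mar/2024:12:00:04 +0000] 203.0.113.5 - R4 REST.GET.OBJECT config.yml "GET /example/config.yml HTTP/1.1" 403 AccessDenied - - 4 - "-" "python-requests/2.31.0" -
OWNER-ID-PLACEHOLDER example [10/Mar/2024:12:00:05 +0000] 203.0.113.5 - R5 REST.GET.BUCKET - "GET /example?list-type=2 HTTP/1.1" 403 AccessDenied - - 6 - "-" "python-requests/2.31.0" -
"""


def parse_record(line: str) -> dict:
    """Split one log line into a dict keyed by FIELDS, stripping quotes/brackets."""
    tokens = []
    for tok in TOKEN_RE.findall(line):
        if len(tok) >= 2 and tok[0] + tok[-1] in ('""', "[]"):
            tok = tok[1:-1]
        tokens.append(tok)
    record = dict(zip(FIELDS, tokens))
    record["extra"] = tokens[len(FIELDS):]
    return record


def find_suspicious(lines, denial_threshold: int = 3) -> list:
    """Return (rule, remote_ip, detail) tuples for records a defender should review."""
    findings = []
    denials = Counter()
    for line in lines:
        if not line.strip():
            continue
        r = parse_record(line)
        # Rule 1: an unauthenticated requester ("-") successfully read or listed
        # data, which usually means an object or bucket is publicly readable.
        if r["requester"] == "-" and r["http_status"] == "200":
            findings.append(("anonymous_success", r["remote_ip"],
                             r["operation"] + " " + r["key"]))
        # Rule 2: count AccessDenied responses per source address.
        if r["http_status"] == "403":
            denials[r["remote_ip"]] += 1
    # Repeated denials from one address suggest someone probing for readable objects.
    for ip, count in denials.items():
        if count >= denial_threshold:
            findings.append(("repeated_denials", ip, f"{count} AccessDenied responses"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG.splitlines()):
        print(*finding, sep="\t")
```

In practice the records would be read from the objects delivered under the `log/` prefix of the logging bucket rather than from an embedded string; the parsing and the two rules stay the same. Thresholds such as `denial_threshold` should be tuned to the bucket's normal traffic before alerting on them.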