v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 3.10 Enable storage bucket access logging

Description

Access logging provides detailed records for the requests that are made to this bucket. This information can include the request type, the resources that are specified in the request, and the time and date that the request was processed. Access logs are useful for many applications.

Access log information is useful in security and access audits.

Remediation

From the Console:

  1. Login to AWS Console using https://console.aws.amazon.com.
  2. Click All services, click Lightsail under Compute.
  3. This will open up the Lightsail console.
  4. Select Storage.
  5. All Lightsail buckets are listed here.
  6. Click on a bucket name.
  7. Click Logging.
  8. Click on the X next to Access logging is inactive.
  9. Select a different bucket specific to store the logging information.
  10. Note the path or create a path that matches your organization style.
  11. Click save.
  12. Click OK.
  13. Repeat steps 6-12 for all Lightsail buckets.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_3_10

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_3_10 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 3.10
cis_level = 1
cis_section_id = 3
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/Lightsail