Control: 5 CloudFront distributions should have logging enabled
Description
This control checks whether server access logging is enabled on CloudFront distributions. The control fails if access logging is not enabled for a distribution.
CloudFront access logs provide detailed information about every user request that CloudFront receives. Each log contains information such as the date and time the request was received, the IP address of the viewer that made the request, the source of the request, and the port number of the request from the viewer.
Remediation
For information on how to configure access logging for a CloudFront distribution, see Configuring and using standard logs (access logs).
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_cloudfront_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_cloudfront_5 --share
SQL
This control uses a named query:
cloudfront_distribution_logging_enabled
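The text of the named query is not shown on this page. The following query is an added example, not the mod's own code, that performs the check described above and also reports where passing distributions send their logs. It assumes the Steampipe AWS plugin table `aws_cloudfront_distribution`, with a `logging` JSON column that mirrors the CloudFront API `Logging` structure.

```sql
-- Added example: flag CloudFront distributions with access logging off.
-- Assumption: Steampipe AWS plugin table aws_cloudfront_distribution, whose
-- "logging" JSON column carries the CloudFront API Logging fields
-- (Enabled, Bucket, Prefix, IncludeCookies).
select
  arn as resource,
  case
    -- A missing Logging block yields NULL here and falls through to 'alarm'.
    when (logging ->> 'Enabled')::boolean then 'ok'
    else 'alarm'
  end as status,
  case
    when (logging ->> 'Enabled')::boolean then
      title || ' logs to '
        || coalesce(logging ->> 'Bucket', '(no bucket set)')
        || '/' || coalesce(logging ->> 'Prefix', '') || '.'
    else title || ' has access logging disabled.'
  end as reason,
  account_id
from
  aws_cloudfront_distribution
order by
  status,
  resource;
```

Distributions with logging disabled sort first as `alarm`; for `ok` rows, the bucket and prefix in `reason` let a reviewer confirm that the logs land in the intended destination.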