Benchmark: BP01 Configure service and application logging
Description
Retain security event logs from services and applications. This is a fundamental principle of security for audit, investigations, and operational use cases, and a common security requirement driven by governance, risk, and compliance (GRC) standards, policies, and procedures.

An organization should be able to reliably and consistently retrieve security event logs from AWS services and applications in a timely manner when required to fulfill an internal process or obligation, such as a security incident response. Consider centralizing logs for better operational results.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP01 Configure service and application logging.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec04_bp01
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec04_bp01 --share
Controls
- API Gateway stage logging should be enabled
- OpenSearch domains should have audit logging enabled.
- CloudTrail trails should be integrated with CloudWatch logs
- All S3 buckets should log S3 data events in CloudTrail
- ACM certificates should have transparency logging enabled
- Lambda functions CloudTrail logging should be enabled
- CloudFront distributions access logs should be enabled
- 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket
- 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket
- EKS clusters should have control plane audit logging enabled
- ELB application and classic load balancer logging should be enabled
- RDS DB instances should be integrated with CloudWatch logs
- AWS Redshift audit logging should be enabled
- Route 53 zones should have query logging enabled
- S3 buckets object logging should be enabled
- VPC flow logs should be enabled
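The controls above each reduce to a per-resource verdict of ok, alarm or skip, which Powerpipe derives from SQL queries over Steampipe tables. The following Python is an added example, not code from the Powerpipe mod or from Turbot: it evaluates two of the listed controls ("VPC flow logs should be enabled" and "CloudTrail trails should be integrated with CloudWatch logs") offline against constructed input shaped like the responses of boto3's ec2.describe_vpcs, ec2.describe_flow_logs and cloudtrail.describe_trails. The account id, VPC ids, trail names and ARNs are all constructed, and the decision to count only ACTIVE flow logs as satisfying the control is this example's own assumption, not necessarily the mod's exact query logic.

```python
"""Offline evaluation of two BP01 controls against constructed API-shaped data.

Added example (not part of the Powerpipe mod). It produces the same
ok / alarm / skip verdicts a Powerpipe control row carries, so the logic can
be compared with the benchmark output without an AWS account.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    resource: str
    status: str   # "ok" | "alarm" | "skip", as in a Powerpipe control row
    reason: str


def vpc_flow_logs_enabled(account_id, vpcs, flow_logs):
    """Control: VPC flow logs should be enabled.

    A VPC passes when at least one ACTIVE flow log targets it (assumption:
    an INACTIVE flow log is treated as no logging). VPCs shared from another
    account are skipped because only the owner can configure their logging.
    """
    active = {fl["ResourceId"] for fl in flow_logs if fl.get("FlowLogStatus") == "ACTIVE"}
    findings = []
    for vpc in vpcs:
        vpc_id = vpc["VpcId"]
        owner = vpc.get("OwnerId", account_id)
        if owner != account_id:
            findings.append(Finding(vpc_id, "skip", f"{vpc_id} is owned by account {owner}."))
        elif vpc_id in active:
            findings.append(Finding(vpc_id, "ok", f"{vpc_id} flow logging enabled."))
        else:
            findings.append(Finding(vpc_id, "alarm", f"{vpc_id} flow logging disabled."))
    return findings


def cloudtrail_integrated_with_cloudwatch(trails):
    """Control: CloudTrail trails should be integrated with CloudWatch Logs.

    A trail passes when describe_trails reports a CloudWatchLogsLogGroupArn,
    i.e. events are delivered to a log group and not only to S3.
    """
    findings = []
    for trail in trails:
        arn = trail["TrailARN"]
        if trail.get("CloudWatchLogsLogGroupArn"):
            findings.append(Finding(arn, "ok", f"{trail['Name']} is integrated with CloudWatch Logs."))
        else:
            findings.append(Finding(arn, "alarm", f"{trail['Name']} is not integrated with CloudWatch Logs."))
    return findings


# --- constructed sample input (not real resources) ---------------------------
SAMPLE_ACCOUNT = "111111111111"

SAMPLE_VPCS = [  # shaped like ec2.describe_vpcs()["Vpcs"]
    {"VpcId": "vpc-0a1", "OwnerId": SAMPLE_ACCOUNT},
    {"VpcId": "vpc-0b2", "OwnerId": SAMPLE_ACCOUNT},
    {"VpcId": "vpc-0c3", "OwnerId": "222222222222"},   # shared from another account
]
SAMPLE_FLOW_LOGS = [  # shaped like ec2.describe_flow_logs()["FlowLogs"]
    {"FlowLogId": "fl-01", "ResourceId": "vpc-0a1", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-02", "ResourceId": "vpc-0b2", "FlowLogStatus": "INACTIVE", "TrafficType": "ALL"},
]
SAMPLE_TRAILS = [  # shaped like cloudtrail.describe_trails()["trailList"]
    {"Name": "org-trail",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:cloudtrail:*"},
    {"Name": "s3-only-trail",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/s3-only-trail"},
]


def run_bp01_subset():
    """Evaluate both controls over the constructed sample and return all rows."""
    return (vpc_flow_logs_enabled(SAMPLE_ACCOUNT, SAMPLE_VPCS, SAMPLE_FLOW_LOGS)
            + cloudtrail_integrated_with_cloudwatch(SAMPLE_TRAILS))


def summarize(findings):
    """Count verdicts the way a benchmark summary does."""
    counts = {"ok": 0, "alarm": 0, "skip": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


if __name__ == "__main__":
    rows = run_bp01_subset()
    for f in rows:
        print(f"{f.status:5} {f.resource}  {f.reason}")
    print(summarize(rows))
```

Against the constructed sample the two VPCs owned by the account yield one ok and one alarm, the shared VPC is skipped, and the S3-only trail raises an alarm; replacing the sample lists with real describe_* responses turns the same functions into a quick cross-check of what the benchmark reports.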