To safeguard the sensitive information stored in the CloudTrail buckets, it is important to ensure that only authorized individuals can access them. Enabling server access logging allows you to monitor any attempt to access the target buckets and prevents users from tampering with the access logs to hide their actions. To enhance the security of your AWS cloud infrastructure, configure the S3 buckets linked with your CloudTrail trails (i.e., the target buckets) to use the S3 Server Access Logging feature. This feature records requests for access to the target buckets, which makes it useful for security audits.
To ensure that CloudTrail S3 bucket logging is enabled, follow these remediation steps:

1. Log in to the AWS Management Console and navigate to the S3 console.
2. Locate the S3 bucket that is associated with your CloudTrail trail and click on its name to open its properties.
3. Check whether the bucket already has access logging enabled. If it does not, proceed to the next step.
4. Click on the "Properties" tab and select "Server access logging" from the dropdown menu.
5. Click the "Edit" button to enable the feature.
6. In the Server access logging section, select the option to enable logging for the bucket and choose the target bucket and target prefix for the logs.
7. Click the "Save" button to save the changes.
Once you have completed these steps, S3 server access logging will be enabled for the CloudTrail S3 bucket. Regularly review the logs to confirm that access to the CloudTrail S3 bucket is granted only to authorized users and to detect any unauthorized attempts to access the bucket.
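The console steps above can also be verified and applied programmatically. The following is an added example, not part of the original page or of any AWS tooling: it audits the response shape that boto3's `get_bucket_logging()` (or `aws s3api get-bucket-logging`) returns for a bucket, flags a disabled configuration or one that delivers logs into the CloudTrail bucket itself, and builds the `BucketLoggingStatus` payload that `put_bucket_logging()` accepts. The bucket names and responses are constructed sample data; no AWS call is made, so it runs offline.

```python
"""Audit and build S3 server access logging settings for CloudTrail target buckets.

Added example (not from the original page). The dicts mirror the shape that
boto3's S3 client returns from get_bucket_logging() and accepts as the
BucketLoggingStatus argument of put_bucket_logging(). No AWS call is made;
the bucket names and responses below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class LoggingFinding:
    bucket: str
    enabled: bool
    issues: list = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return self.enabled and not self.issues


def audit_bucket_logging(bucket: str, get_bucket_logging_response: dict) -> LoggingFinding:
    """Evaluate one bucket's GetBucketLogging response.

    When server access logging is off, S3 returns no 'LoggingEnabled' key at all.
    """
    cfg = get_bucket_logging_response.get("LoggingEnabled")
    if cfg is None:
        return LoggingFinding(bucket, enabled=False,
                              issues=["server access logging is disabled"])
    finding = LoggingFinding(bucket, enabled=True)
    target = cfg.get("TargetBucket", "")
    if not target:
        finding.issues.append("no target bucket configured")
    elif target == bucket:
        # Access logs kept in the bucket they describe are exposed to anyone who
        # can already write to that bucket, which defeats the tamper-evidence goal;
        # AWS also recommends a separate bucket for simpler log management.
        finding.issues.append("logs are delivered to the source bucket itself")
    if not cfg.get("TargetPrefix"):
        finding.issues.append("no target prefix; log objects will land at the bucket root")
    return finding


def build_logging_status(target_bucket: str, target_prefix: str) -> dict:
    """Build the BucketLoggingStatus payload for put_bucket_logging()."""
    if not target_prefix.endswith("/"):
        target_prefix += "/"
    return {"LoggingEnabled": {"TargetBucket": target_bucket,
                               "TargetPrefix": target_prefix}}


# Constructed sample responses, keyed by bucket name, as get_bucket_logging()
# would return them (ResponseMetadata omitted).
SAMPLE_RESPONSES = {
    # logging disabled: no LoggingEnabled key
    "cloudtrail-logs-example": {},
    # logging enabled but pointed at the same bucket
    "cloudtrail-logs-example-2": {"LoggingEnabled": {
        "TargetBucket": "cloudtrail-logs-example-2", "TargetPrefix": "access/"}},
    # logging enabled to a dedicated log bucket with a per-source prefix
    "cloudtrail-logs-example-3": {"LoggingEnabled": {
        "TargetBucket": "s3-access-logs-example",
        "TargetPrefix": "cloudtrail-logs-example-3/"}},
}


def audit_all(responses: dict) -> dict:
    """Audit every bucket in a name -> GetBucketLogging response mapping."""
    return {name: audit_bucket_logging(name, resp) for name, resp in responses.items()}


if __name__ == "__main__":
    for name, finding in audit_all(SAMPLE_RESPONSES).items():
        status = "OK" if finding.compliant else "FAIL: " + "; ".join(finding.issues)
        print(f"{name}: {status}")
    # Payload you would pass as BucketLoggingStatus=... to put_bucket_logging()
    print(build_logging_status("s3-access-logs-example", "cloudtrail-logs-example"))
```

To run this against real buckets, replace `SAMPLE_RESPONSES` with the output of `s3.get_bucket_logging(Bucket=name)` for each CloudTrail target bucket; the target bucket must also grant the S3 log delivery service permission to write to it, which this example does not configure.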