How to resolve Sprinto check to enable AWS CloudTrail S3 logging bucket access
About:
Sprinto check: AWS CloudTrail S3 logging bucket access logging should be enabled
Enabling server access logging on the CloudTrail S3 logging bucket is a security feature that captures and records all access and activity within the S3 bucket designated as the centralized repository for CloudTrail events. It provides a detailed audit trail of every interaction with the CloudTrail log files stored in that bucket, such as object uploads, downloads, deletions, and metadata changes.
This Sprinto check is triggered if any S3 bucket that CloudTrail delivers logs to has server access logging disabled. To pass the check, enable server access logging on every such target bucket.
Purpose:
Enabling AWS CloudTrail S3 logging bucket access logging strengthens data security and compliance within your AWS environment by providing a comprehensive audit trail of all interactions with the CloudTrail log files stored in the S3 bucket.
How to resolve:
The steps below show how to find the target S3 bucket for a CloudTrail trail and then enable server access logging on that bucket:
Finding the target S3 bucket for a CloudTrail.
Log in to the AWS Console using your credentials.
Navigate to the CloudTrail service.
Click Trails in the left-hand navigation menu, then select the trail whose target S3 bucket you want to find.
Click Edit from the General details section.
You can review the S3 bucket name from the Trail log bucket name.
Enable access logging on the S3 bucket.
From the AWS Console, navigate to the AWS S3 service.
Select the target S3 bucket from the list for which you wish to enable access logging.
Select the Properties tab, and then click Edit from the Server access logging section.
Toggle the Server access logging setting to Enable, then choose the destination bucket (and, optionally, a prefix) where the access logs will be stored.
If required, customize the Log object key format.
Click Save Changes to apply the changes.
Repeat the above steps for every S3 bucket that a CloudTrail trail delivers to, so that all of them have server access logging enabled.
Please contact our Support team if you have any queries related to the check or need assistance.
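The two steps above can be verified programmatically. The following added example (not Sprinto's or AWS's own code) reproduces the check offline: it takes trail descriptions and per-bucket logging configurations shaped like boto3's `cloudtrail.describe_trails()` and `s3.get_bucket_logging()` responses, lists the trail buckets that would fail, and builds the `put_bucket_logging` payload for remediation. All bucket and trail names are constructed sample values.

```python
"""Offline evaluation of the check: every S3 bucket that a CloudTrail
trail delivers to must itself have server access logging enabled."""
from typing import Dict, List

# Constructed sample data shaped like the 'trailList' entries returned by
# boto3 cloudtrail.describe_trails(). Two trails share one bucket.
TRAILS: List[Dict] = [
    {"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs"},
    {"Name": "audit-trail", "S3BucketName": "example-audit-logs"},
    {"Name": "dup-trail", "S3BucketName": "example-cloudtrail-logs"},
]

# Constructed sample data shaped like s3.get_bucket_logging(Bucket=...)
# responses: the 'LoggingEnabled' key exists only when logging is on.
BUCKET_LOGGING: Dict[str, Dict] = {
    "example-cloudtrail-logs": {},  # logging disabled -> fails the check
    "example-audit-logs": {"LoggingEnabled": {
        "TargetBucket": "example-s3-access-logs",
        "TargetPrefix": "audit-logs/"}},
}


def trail_target_buckets(trails: List[Dict]) -> List[str]:
    """Step 1: the distinct buckets CloudTrail writes to, sorted."""
    return sorted({t["S3BucketName"] for t in trails if t.get("S3BucketName")})


def access_logging_enabled(logging_config: Dict) -> bool:
    """True when a get_bucket_logging response shows a logging target."""
    return bool(logging_config.get("LoggingEnabled", {}).get("TargetBucket"))


def failing_buckets(trails: List[Dict], bucket_logging: Dict[str, Dict]) -> List[str]:
    """Trail buckets without access logging. A bucket missing from
    bucket_logging (e.g. one we could not query) is treated as failing."""
    return [b for b in trail_target_buckets(trails)
            if not access_logging_enabled(bucket_logging.get(b, {}))]


def logging_request(source_bucket: str, target_bucket: str, prefix: str) -> Dict:
    """Step 2: BucketLoggingStatus for s3.put_bucket_logging. Refuses a
    bucket logging into itself, which AWS advises against because the
    log writes themselves generate further log objects."""
    if source_bucket == target_bucket:
        raise ValueError("use a separate destination bucket for access logs")
    return {"LoggingEnabled": {"TargetBucket": target_bucket, "TargetPrefix": prefix}}


if __name__ == "__main__":
    for bucket in failing_buckets(TRAILS, BUCKET_LOGGING):
        print(f"FAIL {bucket}:", logging_request(bucket, "example-s3-access-logs", f"{bucket}/"))
```

Note that an empty `BucketLoggingStatus={}` passed to `put_bucket_logging` disables logging, so the payload should always be built through a helper like `logging_request` rather than assembled ad hoc.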