S3 Bucket logging is not enabled

ID: aws_s3_bucket_logging

Severity: low

Vendor: AWS

Resource: Logging

Tags: non-reachable

Description

S3 Bucket logging is not enabled. Enabling logging is necessary to track access requests, which is useful for security and access audits.

To fix it, you must configure debug_botocore_endpoint_logs=true.

More information about this topic is available here.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    # Flagged: this task does not set debug_botocore_endpoint_logs
    - amazon.aws.s3_bucket:
        name: mys3bucket
        state: present

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    # Compliant: this task sets the option the rule checks for
    - amazon.aws.s3_bucket:
        name: mys3bucket
        state: present
        debug_botocore_endpoint_logs: true
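
The check this rule describes can be reproduced in a pre-commit or CI step. The following is an added example, not the scanner's own code: a dependency-free Python sketch that reports every `amazon.aws.s3_bucket` task whose arguments do not set `debug_botocore_endpoint_logs` to a true value. The function name, the short module alias `s3_bucket`, the accepted truthy spellings and the sample playbook are assumptions made for illustration.

```python
import re

MODULES = ("amazon.aws.s3_bucket", "s3_bucket")  # FQCN and short module name
OPTION = "debug_botocore_endpoint_logs"          # setting this rule requires
TRUTHY = {"true", "yes", "on", "1"}              # spellings Ansible treats as true
KEY_RE = re.compile(r"^(\s*(?:-\s+)?)([\w.]+):\s*(.*?)\s*(?:#.*)?$")

# Constructed sample: first task is non-compliant, second is compliant.
SAMPLE = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - amazon.aws.s3_bucket:
        name: mys3bucket
        state: present
    - amazon.aws.s3_bucket:
        name: loggedbucket
        state: present
        debug_botocore_endpoint_logs: true
"""

def find_unlogged_buckets(playbook_text):
    """Return [(line_number, bucket_name)] for s3_bucket tasks missing OPTION."""
    findings, lines, i = [], playbook_text.splitlines(), 0
    while i < len(lines):
        m = KEY_RE.match(lines[i])
        i += 1
        if not (m and m.group(2) in MODULES and m.group(3) == ""):
            continue
        key_col, key_line = len(m.group(1)), i   # i is now the 1-based line number
        args, child_indent = {}, None
        while i < len(lines):
            line = lines[i]
            indent = len(line) - len(line.lstrip())
            if line.strip() and not line.lstrip().startswith("#"):
                if indent <= key_col:            # dedent: module arguments ended
                    break
                child_indent = child_indent or indent
                am = KEY_RE.match(line)
                if am and indent == child_indent:  # direct arguments only
                    args[am.group(2)] = am.group(3).strip("'\"")
            i += 1
        if args.get(OPTION, "").lower() not in TRUTHY:
            findings.append((key_line, args.get("name", "<unnamed>")))
    return findings

if __name__ == "__main__":
    for line_no, bucket in find_unlogged_buckets(SAMPLE):
        print(f"line {line_no}: bucket {bucket!r} lacks {OPTION}: true")
```

The scan is line-based and only understands block-style YAML; tasks that pass arguments through variables or inline `{...}` mappings need a full YAML parser.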