S3 bucket access logging should be enabled on the CloudTrail S3 bucket

cloudtrail
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

S3 Bucket Access Logging generates a log with access records for each request made to your S3 bucket. These logs include details such as request type, specified resources, and the request’s processing time and date. Enabling bucket access logging, particularly on the CloudTrail S3 bucket, is recommended to enhance security and support incident response activities by capturing all events affecting bucket objects.

Remediation

For instructions on enabling S3 Bucket Access Logging, refer to the AWS S3 Server Access Logging Guide.