Step Functions state machines should have logging turned on

Description

This control checks whether logging is enabled for an AWS Step Functions state machine. If logging is not turned on, the control fails. If a custom value is set for the logLevel parameter, the control passes only if the state machine is configured with the specified logging level.

Enabling logging helps maintain the reliability, availability, and performance of Step Functions by allowing you to gather critical monitoring data from AWS services, which helps with debugging multi-point failures. Defining a logging configuration for Step Functions state machines enables tracking of execution history and outcomes in Amazon CloudWatch Logs, with the option to log only errors or fatal events.
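The pass/fail rule described above, written out as an added example (not AWS's implementation of the control and not code from the original page). The function names and sample state machines are hypothetical, the dictionaries follow the shape of a Step Functions DescribeStateMachine response, and the set of accepted logLevel values is an assumption.

```python
# Added example: applies the control's stated rule to
# DescribeStateMachine-shaped dicts. All sample data is constructed.
VALID_LEVELS = {"ALL", "ERROR", "FATAL"}  # assumed logLevel values; "OFF" = disabled


def evaluate(state_machine, required_level=None):
    """Return (status, reason) for one DescribeStateMachine response."""
    if required_level is not None and required_level not in VALID_LEVELS:
        raise ValueError(f"unsupported logLevel parameter: {required_level!r}")
    cfg = state_machine.get("loggingConfiguration") or {}
    level = cfg.get("level", "OFF")  # a missing configuration counts as off
    if level not in VALID_LEVELS:
        return "FAILED", "logging is not turned on"
    if required_level and level != required_level:
        return "FAILED", f"level is {level}, control requires {required_level}"
    return "PASSED", f"logging at level {level}"


def audit(state_machines, required_level=None):
    """Map state machine name -> (status, reason)."""
    return {sm["name"]: evaluate(sm, required_level) for sm in state_machines}


# Constructed sample input (placeholder account ID and names).
LOG_GROUP = "arn:aws:logs:us-east-1:111122223333:log-group:/sfn/example:*"
SAMPLE = [
    {"name": "orders", "loggingConfiguration": {
        "level": "ALL", "includeExecutionData": False,
        "destinations": [{"cloudWatchLogsLogGroup": {"logGroupArn": LOG_GROUP}}]}},
    {"name": "billing", "loggingConfiguration": {
        "level": "ERROR", "includeExecutionData": False,
        "destinations": [{"cloudWatchLogsLogGroup": {"logGroupArn": LOG_GROUP}}]}},
    {"name": "legacy", "loggingConfiguration": {"level": "OFF"}},
    {"name": "adhoc"},  # no loggingConfiguration returned at all
]

if __name__ == "__main__":
    for label, required in (("default", None), ("logLevel=ERROR", "ERROR")):
        print(label)
        for name, (status, reason) in audit(SAMPLE, required).items():
            print(f"  {name:8} {status:7} {reason}")
```

With a custom logLevel set, a state machine that logs at a different level fails even though logging is on, which is the case most often missed when reviewing findings.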

Remediation

For instructions on enabling logging for a Step Functions state machine, refer to Configure Logging in the AWS Step Functions Developer Guide.