Benchmark: 3 Logging
Overview
This section contains recommendations for configuring AWS logging features.
Usage
Browse dashboards and select 3 Logging:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.cis_v140_3
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.benchmark.cis_v140_3
Controls
- 3.1 Ensure CloudTrail is enabled in all regions
- 3.2 Ensure CloudTrail log file validation is enabled
- 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
- 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs
- 3.5 Ensure AWS Config is enabled in all regions
- 3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.8 Ensure rotation for customer created CMKs is enabled
- 3.9 Ensure VPC flow logging is enabled in all VPCs
- 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket
- 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket