| Plugin Title | CloudTrail Bucket Access Logging |
| --- | --- |
| Cloud | AWS |
| Category | CloudTrail |
| Description | Ensures CloudTrail logging bucket has access logging enabled to detect tampering of log files |
| More Info | CloudTrail buckets should utilize access logging for an additional layer of auditing. If the log files are deleted or modified in any way, the additional access logs can help determine who made the changes. |
| AWS Link | http://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html |
| Recommended Action | Enable access logging on the CloudTrail bucket from the S3 console. |
- Log in to the AWS Management Console.
- Select the "Services" option and search for "CloudTrail".
- In the "Dashboard" panel click on the desired trail from the list under "Trails" to get to its configuration page.
- Click on "Edit" under "General details".
- Scroll down and under the "Storage location" option check the S3 bucket name which stores the log data.
- Go to "Services" and search for "S3" to open the S3 buckets dashboard.
- Select the S3 bucket that stores the CloudTrail log data and click on the bucket name to get to its configuration page.
- Click the "Properties" tab from the panel to get into the Properties configuration options.
- Scroll down to "Server access logging" and check whether it is "Enabled" or not. If the "Server access logging" status shows "Disabled", click the "Edit" button.
- Select "Enable" and specify the "Target bucket" that will be used to store data log files.
- Click on "Save changes" after review.
- Repeat steps 3 to 11 for all other CloudTrail trails.
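The check the steps above perform by hand, as an added example that is not part of the CloudSploit plugin or this page: it evaluates the response shapes of CloudTrail `DescribeTrails` and S3 `GetBucketLogging` offline on constructed sample data, and also flags a bucket that logs to itself (a configuration AWS recommends against); the optional `collect_live` helper assumes boto3 and AWS credentials are available.

```python
SAMPLE_TRAILS = [  # constructed: shape of CloudTrail DescribeTrails 'trailList'
    {"Name": "prod-trail", "S3BucketName": "prod-cloudtrail-logs"},
    {"Name": "dev-trail", "S3BucketName": "dev-cloudtrail-logs"},
    {"Name": "loop-trail", "S3BucketName": "self-logging-bucket"},
]
SAMPLE_LOGGING = {  # constructed: bucket name -> S3 GetBucketLogging response
    "prod-cloudtrail-logs": {"LoggingEnabled": {"TargetBucket": "prod-access-logs", "TargetPrefix": "cloudtrail/"}},
    "dev-cloudtrail-logs": {},  # no 'LoggingEnabled' key: access logging is off
    "self-logging-bucket": {"LoggingEnabled": {"TargetBucket": "self-logging-bucket", "TargetPrefix": ""}},
}

def bucket_logging_target(resp):
    """Target bucket if server access logging is enabled on the bucket, else None."""
    enabled = resp.get("LoggingEnabled") or {}
    return enabled.get("TargetBucket")

def evaluate_trails(trails, logging_by_bucket):
    """Return {trail name: (status, message)} describing each trail's log bucket."""
    findings = {}
    for trail in trails:
        name = trail.get("Name", "<unnamed>")
        bucket = trail.get("S3BucketName")
        if not bucket:
            findings[name] = ("FAIL", "trail has no S3 bucket configured")
            continue
        target = bucket_logging_target(logging_by_bucket.get(bucket, {}))
        if target is None:
            findings[name] = ("FAIL", f"bucket {bucket} has access logging disabled")
        elif target == bucket:
            findings[name] = ("WARN", f"bucket {bucket} logs to itself; use a separate target bucket")
        else:
            findings[name] = ("PASS", f"bucket {bucket} logs access to {target}")
    return findings

def collect_live(region="us-east-1"):
    """Fetch the same data from AWS with boto3 (assumes credentials are configured)."""
    import boto3
    trails = boto3.client("cloudtrail", region_name=region).describe_trails()["trailList"]
    s3 = boto3.client("s3")
    buckets = {t["S3BucketName"] for t in trails if t.get("S3BucketName")}
    return trails, {b: s3.get_bucket_logging(Bucket=b) for b in buckets}

if __name__ == "__main__":
    # Offline run over the constructed sample; swap in collect_live() for a real account.
    for name, (status, msg) in evaluate_trails(SAMPLE_TRAILS, SAMPLE_LOGGING).items():
        print(f"{status} {name}: {msg}")
```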