Ensure that object-level logging is enabled for S3 buckets

Object-level logging allows you to incorporate S3 object access to your central auditing and logging in CloudTrail. You do have the ability to control what buckets, prefixes, and objects will be audited, and what types of actions to audit, and it will incur additional CloudTrail charges.

Risk Level: Low
Cloud Entity: Simple Storage Service (S3)
CloudGuard Rule ID: D9.AWS.LOG.19
Category: Storage

GSL LOGIC

S3Bucket should have objectLevelLogging=true

REMEDIATION

From Portal

  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
  2. In the Buckets list, choose the name of the bucket.
  3. Choose Properties.
  4. Under AWS CloudTrail data events, choose Configure in CloudTrail.
  5. You can create a new CloudTrail trail or reuse an existing trail and configure Amazon S3 data events to be logged in your trail.

From TF

resource "aws_cloudtrail" "example" {
	...
	event_selector {
		read_write_type           = "All"
		include_management_events = true
		
		data_resource {
			type = "AWS::S3::Object"
			
			# Make sure to append a trailing '/' to your ARN if you want
			# to monitor all objects in a bucket.
			values = ["BUCKET-ARN/"]
		}
	}
	...
}

From Command Line
To enable object level logging for a s3 bucket, run:

aws cloudtrail put-event-selectors --trail-name TRAIL-NAME --event-selectors '[{"ReadWriteType": "All","IncludeManagementEvents": true,"DataResources": [{"Type":"AWS::S3::Object", "Values": ["arn:aws:s3:::BUCKET-NAME/"]}]}]'

References

  1. https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html
  2. https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-logging.html
  3. https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/put-event-selectors.html
  4. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail

Simple Storage Service (S3)

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere ��� web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every indu

Compliance Frameworks

  • AWS CIS Foundations v. 1.3.0
  • AWS CIS Foundations v. 1.4.0
  • AWS CIS Foundations v. 1.5.0
  • AWS CloudGuard Best Practices
  • AWS CloudGuard S3 Bucket Security
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5