S3 Bucket does not have logging enabled.

Explanation

Buckets should have logging enabled so that access can be audited.

Insecure Example

The following example will fail the AWS002 check.

resource "aws_s3_bucket" "my-bucket" {

}

Secure Example

The following example will pass the AWS002 check.

resource "aws_s3_bucket" "my-bucket" {
	logging {
		target_bucket = "target-bucket"
	}
}
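
The secure example above points at "target-bucket" without showing that bucket. The following is an added example, not part of the original check documentation, that defines both the log destination and the audited bucket in the same inline `logging` syntax. The resource names, bucket names and the `target_prefix` value are assumptions chosen for illustration, and it assumes an AWS provider version that accepts the inline `logging` block and `acl` argument used on this page.

```hcl
# Destination bucket for S3 server access logs (name is a placeholder).
# The "log-delivery-write" canned ACL lets the S3 log delivery group
# write log objects into this bucket.
resource "aws_s3_bucket" "access-logs" {
  bucket = "example-access-logs"
  acl    = "log-delivery-write"
}

# Audited bucket: every request against it is recorded in the
# destination bucket above, under a per-bucket prefix so that logs
# from several source buckets stay separable.
resource "aws_s3_bucket" "my-bucket" {
  bucket = "example-my-bucket"

  logging {
    target_bucket = aws_s3_bucket.access-logs.id
    target_prefix = "s3-access/my-bucket/"
  }
}
```

Referencing `aws_s3_bucket.access-logs.id` instead of a literal bucket name makes Terraform create the destination bucket before logging is enabled on the source bucket.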