AWS002 - S3 Bucket does not have logging enabled.

Written by tfsec

Explanation

Buckets should have logging enabled so that access can be audited.

Insecure Example

The following example will fail the AWS002 check.

resource "aws_s3_bucket" "bad_example" {

}

Secure Example

The following example will pass the AWS002 check.

resource "aws_s3_bucket" "good_example" {
	logging {
		target_bucket = "target-bucket"
	}
}

Related Links

• https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket

---