CloudFront distribution should have Access Logging configured

Explanation

You should configure CloudFront Access Logging to create log files that contain detailed information about every user request that CloudFront receives.

Insecure Example

The following example will fail the AWS071 check.

resource "aws_cloudfront_distribution" "bad_example" {
	// other config
	// no logging_config
}

Secure Example

The following example will pass the AWS071 check.

resource "aws_cloudfront_distribution" "good_example" {
	// other config
	logging_config {
		include_cookies = false
		bucket          = "mylogs.s3.amazonaws.com"
		prefix          = "myprefix"
	}
}
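
One way to look for the same condition in your own Terraform files, as an added example (not tfsec's code and not part of the original page): the Python function below returns the names of `aws_cloudfront_distribution` resources that have no `logging_config` block, ignoring any that appear only inside comments or strings. The function names and the sample input are constructed for illustration, and the scanner assumes plain HCL without heredocs or nested quotes inside interpolations.

```python
import re

# A quoted string OR a comment; strings are matched first so "//" inside one is kept.
_STR_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STRING = re.compile(r'"(?:\\.|[^"\\\n])*"')
_DISTRIBUTION = re.compile(r'resource\s+"aws_cloudfront_distribution"\s+"([^"]+)"\s*\{')

# Constructed sample input, modelled on the two examples above.
SAMPLE_TF = '''
resource "aws_cloudfront_distribution" "bad_example" {
  enabled = true
  // no logging_config
}
resource "aws_cloudfront_distribution" "commented_out" {
  comment = "TODO: add logging_config { } later"
  # logging_config { bucket = "mylogs.s3.amazonaws.com" }
}
resource "aws_cloudfront_distribution" "good_example" {
  logging_config {
    include_cookies = false
    bucket          = "mylogs.s3.amazonaws.com"
    prefix          = "myprefix"
  }
}
'''

def _block_body(masked, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(masked)):
        depth += {"{": 1, "}": -1}.get(masked[i], 0)
        if depth == 0:
            return masked[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def find_unlogged_distributions(tf_source):
    """Names of aws_cloudfront_distribution resources with no logging_config block."""
    # Drop comments, then blank string contents (same length, so offsets still align).
    text = _STR_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", tf_source)
    masked = _STRING.sub(lambda m: '"' + " " * (len(m.group(0)) - 2) + '"', text)
    missing = []
    for m in _DISTRIBUTION.finditer(text):
        if not re.search(r"\blogging_config\s*\{", _block_body(masked, m.end() - 1)):
            missing.append(m.group(1))
    return missing

if __name__ == "__main__":
    print(find_unlogged_distributions(SAMPLE_TF))
```

The `commented_out` resource is reported because a `logging_config` block that exists only in a comment or a string does not enable logging.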