Cloudfront distribution should have Access Logging configured

Explanation

You should configure CloudFront Access Logging to create log files that contain detailed information about every user request that CloudFront receives

Possible Impact

Logging provides vital information about access and usage

Suggested Resolution

Enable logging for CloudFront distributions

Insecure Example

The following example will fail the aws-cloudfront-enable-logging check.

resource "aws_cloudfront_distribution" "bad_example" {
	// other config
	// no logging_config
}

Secure Example

The following example will pass the aws-cloudfront-enable-logging check.

resource "aws_cloudfront_distribution" "good_example" {
	// other config
	logging_config {
		include_cookies = false
		bucket          = "mylogs.s3.amazonaws.com"
		prefix          = "myprefix"
	}
}

Getting Started
Provider Checks
Config
GitHub Actions