S3 Bucket does not have logging enabled.

Explanation

Buckets should have logging enabled so that access can be audited.

Possible Impact

Without access logging, there is no way to determine who has accessed this bucket.

Suggested Resolution

Add a logging block to the resource to enable access logging.

Insecure Example

The following example will fail the aws-s3-enable-bucket-logging check.

resource "aws_s3_bucket" "bad_example" {

}

Secure Example

The following example will pass the aws-s3-enable-bucket-logging check.

resource "aws_s3_bucket" "good_example" {
	logging {
		target_bucket = "target-bucket"
	}
}
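
A fuller version of the passing configuration, given here as an added example rather than one from the check's own documentation. It uses the same inline logging block and declares the destination bucket as well. The resource names, bucket names and prefix are constructed for illustration.

```hcl
# Destination bucket for access logs. Keep it separate from the buckets it
# records: a bucket that logs to itself also logs every log delivery.
resource "aws_s3_bucket" "access_logs" {
  bucket = "example-org-s3-access-logs" # constructed name

  # Canned ACL that lets the S3 log delivery group write log objects here.
  acl = "log-delivery-write"
}

# Bucket whose access is being audited.
resource "aws_s3_bucket" "app_data" {
  bucket = "example-org-app-data" # constructed name

  logging {
    # Reference the resource instead of a string literal so Terraform
    # creates the log bucket before enabling logging on this one.
    target_bucket = aws_s3_bucket.access_logs.id

    # A per-source prefix keeps logs from several buckets separable when
    # they share one destination.
    target_prefix = "s3-access/example-org-app-data/"
  }
}
```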
