Control: AWS > CIS v6.0 > 4 - Logging > 4.04 - Ensure that server access logging is enabled on the CloudTrail S3 bucket

Configures auditing against a CIS Benchmark item.

Level: 1

Server access logging generates a log that contains access records for each request made to your S3 bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. It is recommended that server access logging be enabled on the CloudTrail S3 bucket.

Resource Types

This control targets the following resource types:

AWS > CloudTrail > Trail

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv6-0#/control/types/r0404

Category URI

tmod:@turbot/cis#/control/categories/v070602

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv6-0#/control/types/r0404") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv6-0#/control/types/r0404'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv6-0#/control/types/r0404"