Skip to main content

💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)

Contextual name: 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)
ID: /frameworks/cis-aws-v4.0.0/03/09
Located in: 💼 3 Logging

Description

S3 object-level API operations, such as GetObject, DeleteObject, and PutObject, are referred to as data events. By default, CloudTrail trails do not log data events, so it is recommended to enable object-level logging for S3 buckets.

Similar

Sections
- /frameworks/cis-aws-v4.0.1/03/09
- /frameworks/cis-aws-v3.0.0/03/09

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v3.0.0 → 💼 3.9 Ensure that Object-level logging for read events is enabled for S3 bucket - Level 2 (Automated)			1
💼 CIS AWS v4.0.1 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v3.0.0 → 💼 3.9 Ensure that Object-level logging for read events is enabled for S3 bucket - Level 2 (Automated)			1
💼 CIS AWS v4.0.1 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS Account Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled 🟢	1	🟢 x6

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Policies (1)