💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)
- ID: /frameworks/cis-aws-v4.0.1/03/09
Description
S3 object-level API operations, such as GetObject, DeleteObject, and PutObject, are referred to as data events. By default, CloudTrail trails do not log data events, so it is recommended to enable object-level logging for S3 buckets.
Similar
- Sections
  - /frameworks/cis-aws-v5.0.0/03/09
  - /frameworks/cis-aws-v4.0.0/03/09
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS AWS v4.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated) | 1 | no data | |||
| 💼 CIS AWS v5.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated) | 1 | no data | |||
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS AWS v4.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated) | 1 | no data | |||
| 💼 CIS AWS v5.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated) | 1 | no data | |||
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled 🟢 | 1 | 🟢 x6 | no data |