⭐ Repository → 💼 CIS AWS v6.0.0 → 💼 4 Logging

💼 4.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)

ID: /frameworks/cis-aws-v6.0.0/04/09

Description

S3 object-level API operations, such as GetObject, DeleteObject, and PutObject, are referred to as data events. By default, CloudTrail trails do not log data events, so it is recommended to enable object-level logging for S3 buckets.

Similar

Sections
- /frameworks/cis-aws-v5.0.0/03/09

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v5.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v5.0.0 → 💼 3.9 Ensure that object-level logging for read events is enabled for S3 buckets (Automated)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​