Ensure that your AWS CloudFront distributions have the logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
CloudFront access logs record every request served by a distribution: the date and time of the request, the edge location that served it, the client IP address, the HTTP method and requested object, the response status code, the bytes transferred, the referrer and user agent, and more. Standard logs are delivered as gzip-compressed objects to an S3 bucket you choose, which makes them valuable evidence during security audits and incident investigations and a ready input for analytics and reporting tools. You can also process them with AWS Lambda and feed the results to AWS WAF: a client IP that generates a high rate of error responses (requests for login pages, backup files and admin consoles the site does not have) is usually a scanner probing for vulnerabilities, and its address can be added to a WAF IP set that blocks it. Two caveats apply. Standard logs are delivered with a delay of minutes to hours, so blocking built on them is reactive rather than real-time. And if the IncludeCookies logging option is enabled, the logs contain viewers' cookies, including session tokens, so the log bucket must be locked down as tightly as the application itself.
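The detection step described above, as an added example that is not part of the original page or of the Cloud Conformity tool. It parses CloudFront standard access logs by their `#Fields` header (so it works with the full column set of a real log file as well as the reduced one in the constructed sample below), counts error responses per client IP, and returns the addresses that exceed both an absolute count and an error ratio. The ratio guard keeps a busy legitimate client with a handful of 404s out of the block list. The sample log lines, the thresholds and the function names are assumptions made for the example; 5xx responses are excluded by default because they usually reflect origin failures rather than hostile clients.

```python
"""Find client IPs that generate too many error responses in CloudFront
standard access logs. Added example; assumes the standard log layout
(#Version line, #Fields line, tab-separated records) and nothing else."""
import gzip
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample in the layout CloudFront writes. A real log has many
# more columns; because records are parsed by the #Fields header, the same
# code handles either.
SAMPLE_LOG = (
    "#Version: 1.0\n"
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
    "cs-uri-stem sc-status\n"
    + "\n".join(
        "2024-05-01\t10:00:%02d\tIAD89-C1\t%d\t%s\tGET\t"
        "d111111abcdef8.cloudfront.net\t%s\t%d" % (sec, size, ip, path, status)
        for sec, (size, ip, path, status) in enumerate([
            # ordinary visitor: one missing favicon, otherwise fine
            (512, "203.0.113.10", "/index.html", 200),
            (2048, "203.0.113.10", "/app.js", 200),
            (0, "203.0.113.10", "/favicon.ico", 404),
            (640, "203.0.113.10", "/api/users", 200),
            # scanner probing for files this site does not have
            (0, "198.51.100.7", "/wp-login.php", 404),
            (0, "198.51.100.7", "/.env", 403),
            (0, "198.51.100.7", "/phpmyadmin/", 404),
            (0, "198.51.100.7", "/.git/config", 403),
            (0, "198.51.100.7", "/admin", 404),
            (0, "198.51.100.7", "/xmlrpc.php", 404),
            # client hit by origin errors: not its fault, 5xx ignored by default
            (0, "192.0.2.55", "/checkout", 500),
            (0, "192.0.2.55", "/checkout", 502),
            (512, "192.0.2.55", "/index.html", 200),
        ])
    )
    + "\n"
)


def parse_cloudfront_log(text: str) -> List[Dict[str, str]]:
    """Parse a decompressed standard log into one dict per request,
    keyed by the column names from the #Fields header."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header is space-separated
            continue
        if not line or line.startswith("#"):
            continue  # #Version line, blank lines
        if not fields:
            raise ValueError("record seen before #Fields header")
        values = line.split("\t")  # records are tab-separated
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        records.append(dict(zip(fields, values)))
    return records


def parse_gzipped_log(blob: bytes) -> List[Dict[str, str]]:
    """Objects CloudFront drops in S3 are gzip-compressed; this is the
    entry point a Lambda reading the object body would call."""
    return parse_cloudfront_log(gzip.decompress(blob).decode("utf-8"))


def error_counts(records: Iterable[Dict[str, str]],
                 statuses: range = range(400, 500)) -> Counter:
    """Number of responses with a status in `statuses`, per client IP."""
    counts: Counter = Counter()
    for rec in records:
        if int(rec["sc-status"]) in statuses:
            counts[rec["c-ip"]] += 1
    return counts


def offending_ips(records: List[Dict[str, str]], min_errors: int = 5,
                  min_ratio: float = 0.5,
                  statuses: range = range(400, 500)) -> List[str]:
    """IPs that produced at least `min_errors` error responses and for which
    errors make up at least `min_ratio` of their requests, most errors
    first. These are the candidates for a WAF IP set."""
    totals = Counter(rec["c-ip"] for rec in records)
    errors = error_counts(records, statuses)
    hits = [ip for ip, n in errors.items()
            if n >= min_errors and n / totals[ip] >= min_ratio]
    return sorted(hits, key=lambda ip: (-errors[ip], ip))


if __name__ == "__main__":
    for ip in offending_ips(parse_cloudfront_log(SAMPLE_LOG)):
        print("block candidate:", ip)
```

In a Lambda triggered by S3 object-created events, the handler would fetch each new log object, call `parse_gzipped_log` on its body, and pass the resulting IPs to `wafv2:UpdateIPSet`. Thresholds should be tuned against your own traffic before anything is blocked automatically; a shared NAT address in front of many users will look like a scanner if the bar is set too low.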
To determine if your CloudFront CDN distributions have access logging enabled, perform the following:
To enable access logging for your CloudFront CDN distributions, perform the following:
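The check and the remediation, as one added example in Python that is not part of the original page or of the Cloud Conformity tool. Both are built around the `Logging` block of a distribution configuration, which is what `aws cloudfront get-distribution-config` returns under `DistributionConfig` and what `update-distribution` takes back together with the `ETag` from the read. The audit function flags distributions with logging disabled and, as a secondary finding, ones that log cookies; the remediation function returns a copy of the configuration with logging turned on, leaving every other setting untouched so the update does not silently change behaviours. The three sample configurations and their IDs are constructed for the example; the `enable_logging_live` wrapper assumes `boto3` and AWS credentials with `cloudfront:GetDistributionConfig` and `cloudfront:UpdateDistribution` permissions and is not exercised offline.

```python
"""Audit CloudFront distributions for access logging and build the
corrected configuration. Added example; the Logging block shape is the
one CloudFront's GetDistributionConfig/UpdateDistribution APIs use."""
from copy import deepcopy
from typing import Dict, List

# Constructed sample: only the parts of DistributionConfig relevant here.
# A real config carries Origins, DefaultCacheBehavior, ViewerCertificate
# and so on, which the remediation below copies through unchanged.
SAMPLE_DISTRIBUTIONS: Dict[str, dict] = {
    "E1AAAAAAAAAAAA": {  # compliant
        "Comment": "marketing site",
        "Enabled": True,
        "Logging": {"Enabled": True, "IncludeCookies": False,
                    "Bucket": "cf-logs-example.s3.amazonaws.com",
                    "Prefix": "marketing/"},
    },
    "E2BBBBBBBBBBBB": {  # logging disabled: the finding this rule is about
        "Comment": "customer portal",
        "Enabled": True,
        "Logging": {"Enabled": False, "IncludeCookies": False,
                    "Bucket": "", "Prefix": ""},
    },
    "E3CCCCCCCCCCCC": {  # logging on, but cookies (session tokens) logged
        "Comment": "api",
        "Enabled": True,
        "Logging": {"Enabled": True, "IncludeCookies": True,
                    "Bucket": "cf-logs-example.s3.amazonaws.com",
                    "Prefix": "api/"},
    },
}


def logging_findings(config: dict) -> List[str]:
    """Findings for one DistributionConfig; empty list means compliant."""
    logging = config.get("Logging") or {}
    if not logging.get("Enabled"):
        return ["access logging is disabled"]
    findings = []
    if not logging.get("Bucket"):
        findings.append("logging enabled but no target bucket configured")
    if logging.get("IncludeCookies"):
        findings.append("IncludeCookies is true: viewer cookies are written "
                        "to the log bucket")
    return findings


def audit(distributions: Dict[str, dict]) -> Dict[str, List[str]]:
    """Map distribution ID -> findings, for distributions with any finding."""
    return {dist_id: f for dist_id, cfg in distributions.items()
            if (f := logging_findings(cfg))}


def with_logging_enabled(config: dict, bucket: str, prefix: str = "") -> dict:
    """Return a copy of `config` with standard logging enabled.
    `bucket` must be the S3 domain name form, e.g. 'name.s3.amazonaws.com'."""
    if not bucket.endswith(".s3.amazonaws.com"):
        raise ValueError("bucket must be given as <name>.s3.amazonaws.com")
    fixed = deepcopy(config)
    fixed["Logging"] = {"Enabled": True, "IncludeCookies": False,
                        "Bucket": bucket, "Prefix": prefix}
    return fixed


def enable_logging_live(dist_id: str, bucket: str, prefix: str = "") -> None:
    """Read-modify-write against the real API. Assumes boto3 and credentials;
    the ETag from the read is required as IfMatch, which also guards against
    overwriting a concurrent change. Not run by the offline test."""
    import boto3  # assumed available in the Lambda/operator environment
    cf = boto3.client("cloudfront")
    current = cf.get_distribution_config(Id=dist_id)
    fixed = with_logging_enabled(current["DistributionConfig"], bucket, prefix)
    cf.update_distribution(Id=dist_id, IfMatch=current["ETag"],
                           DistributionConfig=fixed)


if __name__ == "__main__":
    for dist_id, findings in audit(SAMPLE_DISTRIBUTIONS).items():
        print(dist_id, "->", "; ".join(findings))
```

The log bucket must allow CloudFront to write to it: standard logging delivers objects using ACLs, so a bucket with Object Ownership set to "bucket owner enforced" (ACLs disabled) cannot receive them. Keep the bucket private, restrict read access to the people and pipelines that analyse the logs, and give it a lifecycle rule so the data is retained for as long as your audit requirements demand and no longer.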