Ensure that AWS S3 Server Access Logging feature is enabled in order to record access requests useful for security audits. By default, server access logging is not enabled for S3 buckets.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
With Server Access Logging feature enabled for your S3 buckets you can track any requests made to access the buckets and use the log data to take measures in order to protect them against unauthorized user access.
To determine if your S3 buckets have server access logging enabled, perform the following:
To enable Server Access Logging for an S3 bucket, you must be logged in as the bucket owner. To turn on this feature, perform the following: