Ensure that AWS CloudWatch logging is enabled for your Amazon Transfer for SFTP servers in order to track SFTP user activity and meet regulatory requirements. Amazon Transfer for SFTP (now part of AWS Transfer Family) is a fully managed service that transfers files over the SSH File Transfer Protocol (SFTP) into and out of Amazon S3 storage. The SFTP user activity logs contain records of user authentication (success and failure), data uploads (PUT requests) and data downloads (GET requests).
SFTP logging data is extremely useful for security and compliance audits, for tracking down issues and for detecting unauthorized access. Once the Logging Activity feature is enabled, that is, once a CloudWatch logging role is assigned to the server, AWS CloudWatch Logs starts recording all SFTP user activity for your Amazon Transfer for SFTP servers in a log group named after the server (by default /aws/transfer/<server-id>). Without a logging role no per-user activity is recorded at all; AWS CloudTrail only captures management API calls to the service (CreateServer, UpdateServer and so on), not the file operations performed by SFTP users.
To determine whether your AWS Transfer for SFTP servers have the Logging Activity feature enabled (a server with an empty Logging role has it disabled), perform the following actions:
Remediation / Resolution
To enable the Activity Logging feature, you must first create an IAM role that your SFTP servers can assume and use to call AWS CloudWatch Logs on your behalf; the role's trust policy must allow the transfer.amazonaws.com service principal, and its permissions policy must grant logs:CreateLogGroup, logs:CreateLogStream, logs:DescribeLogStreams and logs:PutLogEvents. To enable SFTP user activity logging for your existing Amazon Transfer for SFTP servers, perform the following actions:
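The audit check and the remediation steps described above, as one added example using the AWS SDK for Python (boto3); this is not code from the original page or from AWS. It assumes credentials with transfer:ListServers, transfer:UpdateServer, iam:CreateRole, iam:GetRole, iam:PutRolePolicy and iam:PassRole. The role name TransferSftpLoggingRole, the policy name TransferCloudWatchLogging, the server IDs and the sample ListServers response are constructed for illustration; the permissions policy is scoped to the /aws/transfer/* log groups the service creates, which is tighter than the Resource "*" used in the AWS documentation example.

```python
"""Audit and remediate CloudWatch logging on AWS Transfer for SFTP servers.

Added example (not the page's own code). The pure functions work offline on
ListServers/DescribeServer records; remediate() talks to AWS through boto3.
"""
import json

TRANSFER_SERVICE_PRINCIPAL = "transfer.amazonaws.com"

# Constructed sample of a ListServers response body: one server with a
# logging role, one without (the finding this rule is looking for).
SAMPLE_SERVERS = [
    {"ServerId": "s-0123456789abcdef0",
     "LoggingRole": "arn:aws:iam::123456789012:role/TransferSftpLoggingRole"},
    {"ServerId": "s-0fedcba9876543210"},
]


def trust_policy() -> dict:
    """Trust policy that lets the Transfer service assume the logging role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": TRANSFER_SERVICE_PRINCIPAL},
            "Action": "sts:AssumeRole",
        }],
    }


def logging_permissions_policy() -> dict:
    """Permissions the role needs to write SFTP user activity to CloudWatch Logs.

    Scoped to the /aws/transfer/* log groups (assumption: the server keeps the
    default log group name); the AWS docs example uses Resource "*".
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogStreams",
                "logs:PutLogEvents",
            ],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/transfer/*",
        }],
    }


def logging_enabled(server: dict) -> bool:
    """True when a ListServers/DescribeServer record carries a non-empty LoggingRole."""
    return bool(server.get("LoggingRole"))


def servers_without_logging(servers: list) -> list:
    """Server IDs that have no logging role (the non-compliant ones)."""
    return [s["ServerId"] for s in servers if not logging_enabled(s)]


def list_all_servers(transfer) -> list:
    """Page through ListServers via NextToken and return every server record."""
    servers, token = [], None
    while True:
        page = transfer.list_servers(**({"NextToken": token} if token else {}))
        servers.extend(page.get("Servers", []))
        token = page.get("NextToken")
        if not token:
            return servers


def ensure_logging_role(iam, role_name: str) -> str:
    """Create the logging role if needed, attach the permissions policy, return its ARN."""
    try:
        role = iam.create_role(
            RoleName=role_name,
            AssumeRolePolicyDocument=json.dumps(trust_policy()),
            Description="Lets AWS Transfer write SFTP user activity to CloudWatch Logs",
        )["Role"]
    except iam.exceptions.EntityAlreadyExistsException:
        role = iam.get_role(RoleName=role_name)["Role"]
    iam.put_role_policy(
        RoleName=role_name,
        PolicyName="TransferCloudWatchLogging",
        PolicyDocument=json.dumps(logging_permissions_policy()),
    )
    return role["Arn"]


def remediate(region: str, role_name: str = "TransferSftpLoggingRole") -> list:
    """Assign the logging role to every server in the region that lacks one."""
    import boto3  # imported here so the offline functions above need no boto3
    transfer = boto3.client("transfer", region_name=region)
    iam = boto3.client("iam")
    missing = servers_without_logging(list_all_servers(transfer))
    if missing:
        role_arn = ensure_logging_role(iam, role_name)
        for server_id in missing:
            transfer.update_server(ServerId=server_id, LoggingRole=role_arn)
    return missing


if __name__ == "__main__":
    # Offline audit of the constructed sample; call remediate("us-east-1")
    # against a real account to fix the servers it reports.
    print("Servers without activity logging:", servers_without_logging(SAMPLE_SERVERS))
```

Run remediate() per region, since Transfer servers are regional; it returns the IDs it changed so the run can be recorded as audit evidence. Confirm afterwards that the log group /aws/transfer/<server-id> receives entries on the next user login.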
Enable AWS Transfer for SFTP Logging Activity
Risk level: Medium