
CloudFront Distribution Does Not Have Logging Enabled

Overview

Checks whether logging is enabled for CloudFront distributions. Without logging, usage of the service cannot be monitored. For real-time monitoring, direct CloudTrail logs to CloudWatch Logs and set up metric filters and alarms on them. Enable logging for services, with well-defined log rotation policies to manage log storage effectively. These logs are also crucial for incident response and forensic investigations, and they offer valuable insight for use cases beyond monitoring.
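One way to express this check over `DistributionConfig` data, as an added example that is not the rule's own implementation. The function names and sample distributions are constructed for illustration, and only the `Logging` element (`Enabled`, `Bucket`) described in the referenced API page is examined.

```python
# Added example: evaluate DistributionConfig-shaped dicts for access logging.
# Rule ID, severity and item type are taken from this page; everything else
# (function names, distribution IDs, bucket name) is constructed.

RULE_ID = "CloudFront.5"
SEVERITY = 3
ITEM_TYPE = "AWS::CloudFront::Distribution"


def logging_finding(dist_id, config):
    """Return None when logging is enabled, otherwise a finding dict."""
    logging_cfg = config.get("Logging") or {}
    enabled = logging_cfg.get("Enabled") is True
    bucket = (logging_cfg.get("Bucket") or "").strip()
    if enabled and bucket:
        return None
    if not enabled:
        reason = "Logging.Enabled is not true"
    else:
        # Useful when linting templates before deployment, where an
        # enabled block with no destination can still be written.
        reason = "Logging.Enabled is true but Logging.Bucket is empty"
    return {"rule": RULE_ID, "severity": SEVERITY, "item_type": ITEM_TYPE,
            "resource": dist_id, "reason": reason}


def evaluate(distributions):
    """Map {distribution_id: DistributionConfig} to a sorted finding list."""
    findings = (logging_finding(d, c) for d, c in sorted(distributions.items()))
    return [f for f in findings if f is not None]


# Constructed sample input, shaped like the DistributionConfig structure.
SAMPLE = {
    "E1EXAMPLELOGGED": {"Logging": {"Enabled": True, "IncludeCookies": False,
                                    "Bucket": "example-logs.s3.amazonaws.com",
                                    "Prefix": "cloudfront/"}},
    "E2EXAMPLEOFF": {"Logging": {"Enabled": False, "IncludeCookies": False,
                                 "Bucket": "", "Prefix": ""}},
    "E3EXAMPLEMISSING": {"Comment": "no Logging element present"},
    "E4EXAMPLENOBUCKET": {"Logging": {"Enabled": True, "Bucket": ""}},
}

if __name__ == "__main__":
    for finding in evaluate(SAMPLE):
        print(finding["resource"], "-", finding["reason"])
```

To run it against a live account, feed it the `DistributionConfig` returned for each distribution instead of `SAMPLE`.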

Vendor

AWS

Cloud Service

CloudFront

CloudFront.5

References

https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DistributionConfig.html

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html

Severity

3

Item Types

AWS::CloudFront::Distribution