github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md (about)

Add a logging block to the resource to enable access logging

```yaml
---
Resources:
  GoodExample:
    Properties:
      LoggingConfiguration:
        DestinationBucketName: logging-bucket
        LogFilePrefix: accesslogs/
    Type: AWS::S3::Bucket
```
```yaml
---
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Sub my-s3-bucket-${BucketSuffix}
      LoggingConfiguration:
        DestinationBucketName: !FindInMap [EnvironmentMapping, s3, logging]
        LogFilePrefix: !Sub s3-logs/AWSLogs/${AWS::AccountId}/my-s3-bucket-${BucketSuffix}
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```
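To find buckets that still need this remediation, the following added example (not part of this page or of the defsec code base) lists every `AWS::S3::Bucket` in a template that has no `LoggingConfiguration`. It assumes the template is already parsed into a mapping (JSON form, since YAML short tags such as `!Sub` need a CloudFormation-aware loader); the names `SAMPLE`, `log_destinations` and `buckets_without_logging`, and the choice to skip log-destination buckets, are this example's own.

```python
# Constructed sample (JSON form of a CloudFormation template), not from the page.
SAMPLE = {"Resources": {
    "GoodExample": {"Type": "AWS::S3::Bucket", "Properties": {
        "LoggingConfiguration": {"DestinationBucketName": {"Ref": "LogBucket"},
                                 "LogFilePrefix": "accesslogs/"}}},
    "NoLogging": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "Private"}},
    "NoProperties": {"Type": "AWS::S3::Bucket"},
    "LogBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "LogDeliveryWrite"}},
    "Topic": {"Type": "AWS::SNS::Topic"},
}}


def log_destinations(resources):
    """Logical IDs that other buckets name as their log destination via Ref."""
    found = set()
    for res in resources.values():
        cfg = (res.get("Properties") or {}).get("LoggingConfiguration")
        dest = cfg.get("DestinationBucketName") if isinstance(cfg, dict) else None
        if isinstance(dest, dict) and "Ref" in dest:
            found.add(dest["Ref"])
    return found


def buckets_without_logging(template):
    """Return sorted logical IDs of S3 buckets with no LoggingConfiguration."""
    resources = template.get("Resources") or {}
    exempt = log_destinations(resources)
    missing = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}  # Properties may be absent entirely
        if isinstance(props.get("LoggingConfiguration"), dict):
            continue  # a logging block is present, as in the examples above
        # Assumption of this example: a bucket that receives access logs is
        # not expected to log itself, so it is skipped rather than reported.
        if name in exempt or props.get("AccessControl") == "LogDeliveryWrite":
            continue
        missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    print(buckets_without_logging(SAMPLE))
```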