Json Yaml Access Logging Disabled Cloudfront

Description

Detects AWS CloudFront distributions declared in CloudFormation templates (JSON or YAML) without access logging enabled. Without access logs, the requests a distribution served cannot be reconstructed after the fact, which reduces security visibility and the ability to audit or investigate content delivery activity.

Weakness:

400 - Traceability Loss - AWS

Category: Functionality Abuse

Detection Strategy

    Identifies CloudFormation resources of type 'AWS::CloudFront::Distribution'

    Checks whether the Logging block under the resource's DistributionConfig property is missing or disabled

    Reports a finding for every CloudFront distribution resource that has no enabled logging configuration

Vulnerable code example

Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          TargetOriginId: origin1
          ForwardedValues:...

✅ Secure code example

Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          TargetOriginId: origin1
          ForwardedValues:...
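The following is an added example, not the rule database's own detector: a stand-alone implementation of the detection strategy described above, run over a constructed CloudFormation template that contains both the vulnerable and the secure shape of the resource. The template is handled as JSON so only the standard library is needed; a YAML template produces the same dict once loaded with a YAML parser that understands CloudFormation's !Ref/!GetAtt tags. The logical IDs, origin and log bucket names are invented for the example, and the handling of an explicit Enabled: false key is an assumption (it mirrors the CloudFront API's LoggingConfig, not a documented CloudFormation property).

```python
# Added example for this rule page (not the rule database's own detector):
# a stand-alone implementation of the detection strategy described above, run
# over a constructed CloudFormation template. Templates are handled as JSON so
# only the standard library is needed; a YAML template gives the same dict once
# loaded with a YAML parser that understands CloudFormation's !Ref/!GetAtt tags.
import json

CLOUDFRONT_DISTRIBUTION = "AWS::CloudFront::Distribution"


def _is_set(value) -> bool:
    """A property counts as set when it is a non-blank string or an intrinsic
    function such as {"Ref": ...} / {"Fn::GetAtt": [...]}, which only resolves
    at deploy time and must not be reported as an empty bucket."""
    if isinstance(value, str):
        return value.strip() != ""
    return isinstance(value, dict) and len(value) > 0


def logging_enabled(distribution_config: dict) -> bool:
    """True when DistributionConfig.Logging names a log bucket.

    CloudFormation turns standard logging on by the presence of a Logging block
    with a Bucket. An explicit Enabled: false (the shape of the CloudFront API's
    LoggingConfig) is also treated as disabled; that is an assumption made here
    to match the rule's "missing or disabled" wording, not a documented
    CloudFormation property."""
    logging_block = distribution_config.get("Logging")
    if not isinstance(logging_block, dict):
        return False
    if logging_block.get("Enabled") is False:
        return False
    return _is_set(logging_block.get("Bucket"))


def find_unlogged_distributions(template: dict) -> list:
    """Return the logical IDs of CloudFront distributions without access logging."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != CLOUDFRONT_DISTRIBUTION:
            continue  # other resource types are out of scope for this rule
        config = (resource.get("Properties") or {}).get("DistributionConfig")
        if not isinstance(config, dict) or not logging_enabled(config):
            findings.append(logical_id)
    return findings


def check_template_text(text: str) -> list:
    """Parse a JSON CloudFormation template and run the check on it."""
    return find_unlogged_distributions(json.loads(text))


def _distribution(logging_block=None) -> dict:
    """Build a minimal distribution resource for the constructed sample."""
    config = {
        "Enabled": True,
        "Origins": [{"Id": "origin1",
                     "DomainName": "example-origin.s3.amazonaws.com",
                     "S3OriginConfig": {}}],
        "DefaultCacheBehavior": {"TargetOriginId": "origin1",
                                 "ViewerProtocolPolicy": "redirect-to-https",
                                 "ForwardedValues": {"QueryString": False}},
    }
    if logging_block is not None:
        config["Logging"] = logging_block
    return {"Type": CLOUDFRONT_DISTRIBUTION,
            "Properties": {"DistributionConfig": config}}


# Constructed sample template (logical IDs and bucket names are invented).
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogBucket": {"Type": "AWS::S3::Bucket"},            # not a distribution: skipped
        "NoLogging": _distribution(),                         # vulnerable: no Logging block
        "EmptyBucket": _distribution({"Bucket": ""}),         # vulnerable: bucket blank
        "ExplicitlyDisabled": _distribution({"Bucket": "example-logs.s3.amazonaws.com",
                                             "Enabled": False}),  # assumed API-style flag
        "Logged": _distribution({"Bucket": "example-logs.s3.amazonaws.com",
                                 "IncludeCookies": False,
                                 "Prefix": "cloudfront/"}),   # secure
        "LoggedViaRef": _distribution({"Bucket": {"Fn::GetAtt": ["LogBucket", "DomainName"]}}),
    },
})

if __name__ == "__main__":
    for logical_id in check_template_text(SAMPLE_TEMPLATE):
        print(f"{logical_id}: CloudFront distribution without access logging")
```

Running it reports NoLogging, EmptyBucket and ExplicitlyDisabled, and leaves the two logged distributions alone, including the one whose bucket is only known at deploy time through Fn::GetAtt. One caveat for triage: this check, like the rule, only sees standard logging configured inline on the distribution. A distribution whose logs are delivered through separately declared AWS::Logs delivery resources rather than through DistributionConfig.Logging will still be reported and needs manual review.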