Json Yaml Access Logs S3 Disabled
Description
Identifies Elastic Load Balancer v2 (Application and Network Load Balancers) resources in CloudFormation templates that do not have access logging to S3 enabled. Access logs are critical for security monitoring and auditing of traffic flowing through load balancers.
Detection Strategy
• Examines CloudFormation template resources of type 'AWS::ElasticLoadBalancingV2::LoadBalancer'
• Checks if the LoadBalancer resource has 'LoadBalancerAttributes' property configured
• Verifies if 'access_logs.s3.enabled' attribute is present and set to true
• Reports a vulnerability if access logging to S3 is not explicitly enabled for the load balancer
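As an added illustration of the detection steps above (not Fluid Attacks' own checker code), the following Python function walks a CloudFormation template in JSON form and reports every ELBv2 load balancer that does not explicitly set access_logs.s3.enabled to true; the sample template and its resource names are constructed for this example.

```python
import json

LB_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer"
ACCESS_LOGS_KEY = "access_logs.s3.enabled"

def access_logs_enabled(resource):
    """True only when the load balancer explicitly sets access_logs.s3.enabled to true."""
    props = resource.get("Properties") or {}
    attrs = props.get("LoadBalancerAttributes") or []
    if not isinstance(attrs, list):  # e.g. an intrinsic function: cannot be confirmed statically
        return False
    for attr in attrs:
        if not isinstance(attr, dict) or attr.get("Key") != ACCESS_LOGS_KEY:
            continue
        value = attr.get("Value")
        # CloudFormation stores the value as a string; a YAML source may yield a bare bool
        if value is True or (isinstance(value, str) and value.strip().lower() == "true"):
            return True
    return False  # key absent, set to false, or not a literal true

def find_lbs_without_access_logs(template):
    # Logical IDs of ELBv2 load balancers that do not explicitly enable S3 access logs
    resources = template.get("Resources") or {}
    return sorted(
        name for name, res in resources.items()
        if isinstance(res, dict) and res.get("Type") == LB_TYPE and not access_logs_enabled(res)
    )

# Constructed sample template (not taken from any real deployment)
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "LogDeliveryWrite"}},
    "NoAttrsLb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                  "Properties": {"Name": "no-attrs-lb"}},
    "DisabledLb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                   "Properties": {"LoadBalancerAttributes": [
                     {"Key": "access_logs.s3.enabled", "Value": "false"}]}},
    "EnabledLb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                  "Properties": {"LoadBalancerAttributes": [
                    {"Key": "access_logs.s3.enabled", "Value": "true"},
                    {"Key": "access_logs.s3.bucket", "Value": {"Ref": "LogBucket"}}]}}
  }
}
""")

if __name__ == "__main__":
    for name in find_lbs_without_access_logs(SAMPLE_TEMPLATE):
        print(f"{name}: access_logs.s3.enabled is not set to true")
```

Running the block prints the two flagged load balancers, DisabledLb and NoAttrsLb, while EnabledLb and the S3 bucket are left alone.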
Vulnerable code example
Resources:
  LoadBalancer1:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: vulnerable-lb
      LoadBalancerAttributes:
        - Key: access_logs.s3.enabled # Explicitly disabling access logs is insecure
          Value: false
...
✅ Secure code example
Resources:
  LogBucket:
    Type: AWS::S3::Bucket # Create S3 bucket for access logs
    Properties:
      AccessControl: LogDeliveryWrite
  LoadBalancer1:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
...