Json Yaml Missing Logging Configuration
Description
Detects AWS S3 buckets defined in CloudFormation templates that do not have logging configuration enabled. Without a logging configuration, S3 server access logs are not delivered, so there is no audit trail for reconstructing bucket access or investigating potential security incidents.
Detection Strategy
• Identifies AWS::S3::Bucket resources in CloudFormation templates
• Checks if the bucket resource has logging configuration properties defined
• Reports a vulnerability when a bucket is found without logging configuration enabled
• Examines both root level bucket properties and nested logging configuration blocks
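The detection strategy above, as an added example that is not Fluid Attacks' own scanner code: a small checker that loads a CloudFormation template, walks its Resources, and reports every AWS::S3::Bucket whose Properties lack an effective LoggingConfiguration (absent, or present but naming no DestinationBucketName). The template below is constructed for the example; the logical IDs LogsBucket, DataBucket, EmptyLoggingBucket and UnrelatedQueue are made-up names, not values from the page.

```python
"""Added example: report AWS::S3::Bucket resources in a CloudFormation template
that have no effective LoggingConfiguration. Illustration only, not the rule
engine's own code."""
import json

# Constructed sample template (JSON form of a CloudFormation template).
CONSTRUCTED_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        # Destination for access logs; it has no logging of its own.
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"AccessControl": "LogDeliveryWrite"},
        },
        # Compliant: logging enabled with a destination bucket and prefix.
        "DataBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "example-bucket",
                "LoggingConfiguration": {
                    "DestinationBucketName": {"Ref": "LogsBucket"},
                    "LogFilePrefix": "data-bucket/",
                },
            },
        },
        # Edge case: the block exists but names no destination, so logs go nowhere.
        "EmptyLoggingBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"LoggingConfiguration": {}},
        },
        # Not a bucket; must be ignored by the check.
        "UnrelatedQueue": {"Type": "AWS::SQS::Queue"},
    },
})


def load_template(text):
    """Parse a template given as JSON; fall back to YAML when PyYAML is installed."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        import yaml  # optional dependency, only needed for YAML templates
        return yaml.safe_load(text)


def logging_enabled(properties):
    """A bucket counts as logged only when LoggingConfiguration names a destination.

    An empty LoggingConfiguration block, or one without DestinationBucketName,
    delivers no access logs and is treated the same as a missing block.
    """
    config = properties.get("LoggingConfiguration")
    if not isinstance(config, dict):
        return False
    return bool(config.get("DestinationBucketName"))


def buckets_missing_logging(template):
    """Return the logical IDs of AWS::S3::Bucket resources with no effective logging."""
    findings = []
    resources = template.get("Resources") or {}
    for logical_id, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::S3::Bucket":
            continue
        properties = resource.get("Properties") or {}
        if not logging_enabled(properties):
            findings.append(logical_id)
    return findings


if __name__ == "__main__":
    for bucket_id in buckets_missing_logging(load_template(CONSTRUCTED_TEMPLATE)):
        print(f"{bucket_id}: AWS::S3::Bucket without logging configuration")
```

Two practical caveats: the YAML fallback uses `yaml.safe_load`, which rejects short-form intrinsic tags such as `!Ref`, so real YAML templates need a loader that registers those tags; and the bucket that receives the logs is itself reported, which is the behaviour the rule describes, so teams that exempt the log-destination bucket should do so explicitly rather than by silencing the finding.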
Vulnerable code example
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: bucket1 # Vulnerable: Using non-standard/unsafe access control setting
      BucketName: example-bucket
      # Vulnerable: no LoggingConfiguration property, so no server access logs are produced

✅ Secure code example
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private # Secure: Using standard Private access control
      BucketName: example-bucket
      LoggingConfiguration:
        DestinationBucketName: example-log-bucket # Secure: access logs delivered to a log bucket (placeholder name)
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true # Prevent public access via ACLs...