Ensure the ELB has access logging enabled
Error: The ELB does not have access logging enabled
Bridgecrew Policy ID: BC_AWS_LOGGING_23
Checkov Check ID: CKV_AWS_92
Severity: MEDIUM
Description
ELB access logs can be used to analyze traffic patterns and troubleshoot security and operational issues.
Access logging is an optional feature of ELB that is disabled by default.
Fix - Runtime
AWS Console
TBA
CLI Command
Fix - Buildtime
Terraform
- Resource: aws_elb
- Argument: access_logs
resource "aws_elb" "example" {
  ...
  name = "test-lb-tf"
+ access_logs {
+   bucket = aws_s3_bucket.lb_logs.bucket
+   enabled = true
+ }
}
CloudFormation
- Resource: AWS::ElasticLoadBalancing::LoadBalancer
- Argument: Properties.AccessLoggingPolicy.Enabled
Resources:
  Resource0:
    Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
    Properties:
      ...
      AccessLoggingPolicy:
        ...
+       Enabled: true
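The buildtime condition above, written as an added example that is not Checkov's or Bridgecrew's own implementation: a Python check over a CloudFormation template in JSON form that reports every AWS::ElasticLoadBalancing::LoadBalancer resource whose Properties.AccessLoggingPolicy.Enabled is not provably true. The sample template, its logical IDs and the EnableLogs parameter are constructed for illustration.

```python
import json

ELB_TYPE = "AWS::ElasticLoadBalancing::LoadBalancer"

# Constructed sample template (JSON form of CloudFormation), not taken from the page.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LoggedLb":   {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                   "Properties": {"AccessLoggingPolicy":
                       {"Enabled": true, "S3BucketName": "example-lb-logs"}}},
    "DisabledLb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                   "Properties": {"AccessLoggingPolicy":
                       {"Enabled": false, "S3BucketName": "example-lb-logs"}}},
    "DefaultLb":  {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                   "Properties": {"Listeners": []}},
    "ParamLb":    {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                   "Properties": {"AccessLoggingPolicy":
                       {"Enabled": {"Ref": "EnableLogs"}, "S3BucketName": "example-lb-logs"}}},
    "LogBucket":  {"Type": "AWS::S3::Bucket"}
  }
}
""")


def logging_state(resource):
    """Return 'enabled', 'disabled' or 'unresolved' for one Classic ELB resource."""
    props = resource.get("Properties") or {}
    policy = props.get("AccessLoggingPolicy")
    if not isinstance(policy, dict):
        return "disabled"      # property absent: access logging is off by default
    enabled = policy.get("Enabled")
    if isinstance(enabled, dict):
        return "unresolved"    # intrinsic function (Ref, Fn::If, ...): value unknown here
    if isinstance(enabled, str):
        enabled = enabled.strip().lower() == "true"   # booleans written as strings
    return "enabled" if enabled is True else "disabled"


def find_unlogged_elbs(template):
    """Map logical ID -> state for every Classic ELB that is not provably logging."""
    findings = {}
    for name, res in (template.get("Resources") or {}).items():
        if isinstance(res, dict) and res.get("Type") == ELB_TYPE:
            state = logging_state(res)
            if state != "enabled":
                findings[name] = state
    return findings
```

An "unresolved" result means Enabled is set through an intrinsic function, so the value has to be confirmed against the parameters used at deploy time.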