Ensure the ELB has access logging enabled

Error: The ELB does not have access logging enabled

Bridgecrew Policy ID: BC_AWS_LOGGING_23
Checkov Check ID: CKV_AWS_92
Severity: MEDIUM

Description

ELB access logs can be used to analyze traffic patterns and troubleshoot security and operational issues.
Access logging is an optional feature of ELB that is disabled by default.

Fix - Runtime

AWS Console

TBA

CLI Command

Fix - Buildtime

Terraform

  • Resource: aws_elb
  • Argument: access_logs

resource "aws_elb" "example" {
  ...
  name = "test-lb-tf"
+  access_logs {
+     bucket  = aws_s3_bucket.lb_logs.bucket
+     enabled = true
+  }
}

CloudFormation

  • Resource: AWS::ElasticLoadBalancing::LoadBalancer
  • Argument: Properties.AccessLoggingPolicy.Enabled

Resources:
  Resource0:
    Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
    Properties:
      ...
      AccessLoggingPolicy:
        ...
+       Enabled: true
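
The check described above can be reproduced outside the scanner. The following is an added example, not Checkov's or Bridgecrew's own implementation: it flags classic ELBs without access logging in a Terraform plan (the dict form of `terraform show -json` output) and in a CloudFormation template in JSON form. The function names and all sample data are constructed for illustration, and treating an `access_logs` block that omits `enabled` as on is an assumption based on the provider default.

```python
# Constructed sample: excerpt of `terraform show -json` output as a Python dict.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_elb.logged", "type": "aws_elb",
         "values": {"access_logs": [{"bucket": "lb-logs", "enabled": True}]}},
        {"address": "aws_elb.disabled", "type": "aws_elb",
         "values": {"access_logs": [{"bucket": "lb-logs", "enabled": False}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.edge.aws_elb.bare", "type": "aws_elb",
         "values": {"access_logs": []}},
    ]}],
}}}

# Constructed sample: CloudFormation template in JSON form.
SAMPLE_CFN = {"Resources": {
    "Logged": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
               "Properties": {"AccessLoggingPolicy": {"Enabled": True}}},
    "NoPolicy": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                 "Properties": {}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

def _walk(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def terraform_failures(plan):
    """Addresses of aws_elb resources with no access_logs block, or enabled = false."""
    failed = []
    for res in _walk(plan.get("planned_values", {}).get("root_module", {})):
        blocks = res.get("values", {}).get("access_logs") or []
        # Assumption: a block that omits `enabled` is on (the provider default).
        logging_on = any(b.get("enabled", True) is not False for b in blocks)
        if res.get("type") == "aws_elb" and not logging_on:
            failed.append(res["address"])
    return failed

def cloudformation_failures(template):
    """Logical IDs of classic ELBs without AccessLoggingPolicy.Enabled set to true."""
    failed = []
    for logical_id, res in template.get("Resources", {}).items():
        policy = (res.get("Properties") or {}).get("AccessLoggingPolicy") or {}
        if (res.get("Type") == "AWS::ElasticLoadBalancing::LoadBalancer"
                and policy.get("Enabled") is not True):
            failed.append(logical_id)
    return failed
```

Resources nested in child modules are included in the walk, so an ELB declared inside a module is reported as well.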