Ensure AWS MWAA environment has webserver logs enabled

Error: AWS MWAA environment has webserver logs disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_170
Checkov Check ID: CKV_AWS_244
Severity: LOW

Description

Enable webserver logging on the AWS MWAA environment so that configuration changes, whether made manually or programmatically, can be tracked and unapproved changes can be traced back.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_mwaa_environment" "pass" {
  dag_s3_path        = "dags/"
  execution_role_arn = aws_iam_role.example.arn

  logging_configuration {
    dag_processing_logs {
      enabled   = true
      log_level = "DEBUG"
    }

    # Webserver logs must be enabled for this policy to pass.
    webserver_logs {
      enabled   = true
      log_level = "INFO"
    }
  }

  name = "example"

  network_configuration {
    security_group_ids = [aws_security_group.example.id]
    subnet_ids         = aws_subnet.private[*].id
  }

  source_bucket_arn = aws_s3_bucket.example.arn
}