Ensure AWS MWAA environment has worker logs enabled

Error: AWS MWAA environment has worker logs disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_167
Checkov Check ID: CKV_AWS_243
Severity: LOW

AWS MWAA environment has worker logs disabled

Description

It is recommended to have a proper logging process for AWS MWAA environment worker in order to track configuration changes conducted manually and programmatically and trace back unapproved changes.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_mwaa_environment" "pass" {
  dag_s3_path        = "dags/"
  execution_role_arn = "aws_iam_role.example.arn"

  logging_configuration {
    worker_logs {
      enabled   = true
      log_level = "CRITICAL"
    }
  }

  name = "example"

  network_configuration {
    security_group_ids = ["aws_security_group.example.id"]
    subnet_ids         = "aws_subnet.private[*].id"
  }

  source_bucket_arn = "aws_s3_bucket.example.arn"
}

Updated 5 months ago