Ensure AWS MWAA environment has worker logs enabled
Error: AWS MWAA environment has worker logs disabled
Bridgecrew Policy ID: BC_AWS_GENERAL_167
Checkov Check ID: CKV_AWS_243
Severity: LOW
Description
Enable worker logging for the AWS MWAA environment so that configuration changes, whether made manually or programmatically, can be tracked and unapproved changes traced back.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_mwaa_environment" "pass" {
  dag_s3_path        = "dags/"
  execution_role_arn = aws_iam_role.example.arn

  logging_configuration {
    # Worker logs must be enabled for this check to pass
    worker_logs {
      enabled   = true
      log_level = "CRITICAL"
    }
  }

  name = "example"

  network_configuration {
    security_group_ids = [aws_security_group.example.id]
    subnet_ids         = aws_subnet.private[*].id
  }

  source_bucket_arn = aws_s3_bucket.example.arn
}