Logging Policies

How to Use this Page

This page lists the AWS Logging Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.

Ensure AWS CloudTrail is enabled in all regions
Policy ID: BC_AWS_LOGGING_1

Ensure AWS CloudTrail log validation is enabled in all regions
Policy ID: BC_AWS_LOGGING_2

Ensure the S3 bucket used to store CloudTrail logs does not have public access
Policy ID: BC_AWS_LOGGING_3

Ensure CloudTrail and CloudWatch logs are integrated
Policy ID: BC_AWS_LOGGING_4

Ensure AWS Config is enabled in all regions
Policy ID: BC_AWS_LOGGING_5

Ensure CloudTrail S3 bucket access logging is enabled
Policy ID: BC_AWS_LOGGING_6

Ensure AWS CloudTrail logs are encrypted using CMKs
Policy ID: BC_AWS_LOGGING_7

Ensure AWS CMK rotation is enabled
Policy ID: BC_AWS_LOGGING_8

Ensure AWS VPC Flow logs are enabled
Policy ID: BC_AWS_LOGGING_9

Ensure Amazon MQ Broker logging is enabled
Policy ID: BC_AWS_LOGGING_10

Ensure container insights are enabled on ECS cluster
Policy ID: BC_AWS_LOGGING_11

Ensure AWS Redshift database has audit logging enabled
Policy ID: BC_AWS_LOGGING_12

Ensure CloudWatch log groups specify retention days
Policy ID: BC_AWS_LOGGING_13

Ensure CloudTrail logging in All Regions is enabled
Policy ID: BC_AWS_LOGGING_14

Ensure API Gateway has X-Ray tracing enabled
Policy ID: BC_AWS_LOGGING_15

Ensure Global Accelerator has Flow logs enabled
Policy ID: BC_AWS_LOGGING_16

Ensure API Gateway has access logging enabled
Policy ID: BC_AWS_LOGGING_17

Ensure Amazon MSK cluster logging is enabled
Policy ID: BC_AWS_LOGGING_18

Ensure AWS DocumentDB logging is enabled
Policy ID: BC_AWS_LOGGING_19

Ensure AWS CloudFront distribution has access logging enabled
Policy ID: BC_AWS_LOGGING_20

Ensure CloudWatch logs are encrypted at rest using KMS CMKs
Policy ID: BC_AWS_LOGGING_21

Ensure AWS ELB (Classic) with access log is enabled
Policy ID: BC_AWS_LOGGING_22

Ensure the ELB has access logging enabled
Policy ID: BC_AWS_LOGGING_23

Ensure Neptune logging is enabled
Policy ID: BC_AWS_LOGGING_24

Ensure AWS CloudFormation stacks are sending event notifications to an SNS topic
Policy ID: BC_AWS_LOGGING_25

Ensure detailed monitoring for EC2 instances is enabled
Policy ID: BC_AWS_LOGGING_26

Ensure CloudTrail trail is integrated with CloudWatch logs
Policy ID: BC_AWS_LOGGING_27

Ensure enhanced monitoring for Amazon RDS instances is disabled
Policy ID: BC_AWS_LOGGING_28

Ensure API Gateway stages have logging level defined appropriately
Policy ID: BC_AWS_LOGGING_29