Vendor services misconfigurations

CloudFront distributions logging is disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that server access logging is disabled for CloudFront Distribution {AwsCloudFront}. Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. The Amazon CloudFront distribution have server access logging option. CloudFront access logs contain complete information about each user request received by CloudFront.

  • Recommended Mitigation

    It is recommended to consider to enable server access logging for CloudFront distribution {AwsCloudFront}. CloudFront access logs contain important information such as the date and time the request was received, the IP address of the viewer who made the request, the source of the request, and the viewer's port number. For more information: <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html," target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html,</a> <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesLoggingOnOff" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesLoggingOnOff</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.