Cloudfront distribution should have Access Logging configured
Default Severity: medium
Explanation
You should configure CloudFront Access Logging to create log files that contain detailed information about every user request that CloudFront receives
Possible Impact
Logging provides vital information about access and usage
Suggested Resolution
Enable logging for CloudFront distributions
Insecure Example
The following example will fail the aws-cloudfront-enable-logging check.
resource "aws_cloudfront_distribution" "bad_example" {
// other config
// no logging_config
}
Secure Example
The following example will pass the aws-cloudfront-enable-logging check.
resource "aws_cloudfront_distribution" "good_example" {
// other config
logging_config {
include_cookies = false
bucket = "mylogs.s3.amazonaws.com"
prefix = "myprefix"
}
}