CloudFront distributions should have logging enabled

Severity: Medium

Resource Types: AWS::CloudFront::Distribution

Description

This control checks whether server access logging is enabled on CloudFront distributions. The control fails if access logging is not enabled for a distribution.

CloudFront access logs provide detailed information about every user request that CloudFront receives. Each log contains information such as the date and time the request was received, the IP address of the viewer that made the request, the source of the request, and the port number of the request from the viewer.
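The pass/fail check this control describes can be run offline against exported distribution configs. The following is an added example, not AWS's implementation of the control. It assumes the `DistributionConfig` shape returned by the CloudFront `GetDistributionConfig` API (`Logging.Enabled`, `Logging.Bucket`); the function names, distribution IDs and bucket names are hypothetical.

```python
# Added example: offline evaluation of CloudFront distribution configs.
# Assumed input shape: the DistributionConfig structure returned by the
# CloudFront GetDistributionConfig API (Logging.Enabled, Logging.Bucket).

def evaluate_logging(dist_id, config):
    """Return (dist_id, status, reason) for one DistributionConfig dict."""
    logging_cfg = config.get("Logging")
    if not isinstance(logging_cfg, dict):
        return (dist_id, "FAILED", "no Logging block in DistributionConfig")
    # Require a real boolean: a string such as "true" from a hand-edited
    # export is treated as not enabled rather than silently accepted.
    if logging_cfg.get("Enabled") is not True:
        return (dist_id, "FAILED", "Logging.Enabled is not true")
    # Extra strictness added in this example: an enabled config with no
    # destination bucket cannot deliver logs, so it is reported as a failure.
    if not logging_cfg.get("Bucket"):
        return (dist_id, "FAILED", "Logging.Enabled is true but Bucket is empty")
    return (dist_id, "PASSED", "access logs delivered to " + logging_cfg["Bucket"])


def evaluate_all(distributions):
    """Evaluate a mapping of distribution ID -> DistributionConfig."""
    return [evaluate_logging(d, c) for d, c in sorted(distributions.items())]


# Constructed sample configs (IDs and bucket names are placeholders).
SAMPLE = {
    "EXAMPLEDIST1": {"Logging": {"Enabled": True, "IncludeCookies": False,
                                 "Bucket": "example-logs.s3.amazonaws.com",
                                 "Prefix": "cf/"}},
    "EXAMPLEDIST2": {"Logging": {"Enabled": False, "IncludeCookies": False,
                                 "Bucket": "", "Prefix": ""}},
    "EXAMPLEDIST3": {"Comment": "config exported without a Logging block"},
    "EXAMPLEDIST4": {"Logging": {"Enabled": True, "IncludeCookies": False,
                                 "Bucket": "", "Prefix": ""}},
}

if __name__ == "__main__":
    for dist_id, status, reason in evaluate_all(SAMPLE):
        print(f"{dist_id}: {status} ({reason})")
```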

Remediation

For information on how to configure access logging for a CloudFront distribution, see Configuring and using standard logs (access logs).