oss-bucket-logging-enabled

更新时间:
复制 MD 格式

Checks whether the access logging feature is enabled for each Object Storage Service (OSS) bucket.

Scenarios

If you enable access logging for an OSS bucket, all read and write access to the bucket is recorded in logs. This helps you analyze unusual access and review data leaks.

Risk level

Default risk level: medium.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If the access logging feature is enabled for each OSS bucket, the evaluation result is compliant.
  • If the access logging feature is disabled for an OSS bucket, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

Rule details

ItemDescription
Rule nameoss-bucket-logging-enabled
Rule IDoss-bucket-logging-enabled
TagOSS, Bucket, and AuditBaseline
Automatic remediationNot supported
Trigger typeConfiguration change
Supported resource typeOSS bucket
Input parameterNone

Non-compliance remediation

For more information about how to enable the access logging feature for OSS buckets, see Configure logging.