Cloudfront distribution should have Access Logging configured
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | cloudfront |
| Provider | AWS |
| Vulnerability Type | omission |
Description#
The CloudFront distribution is missing access logging configuration, which means requests to the distribution are not recorded. Without access logs, visibility into who accessed resources and how is lost, making monitoring and auditing difficult.
Impact#
If access logging is not enabled, suspicious or unauthorized activity may go undetected, and forensic investigation after an incident becomes challenging. This lack of visibility can hinder incident response, compliance efforts, and detection of abuse or misconfigurations.
Resolution#
Enable logging for CloudFront distributions