A Config rule that checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets. The rule is NON_COMPLIANT if trails that log data events for S3 buckets are not configured.

This config rule supports the following parameters:

  • S3BucketNames
    • Required: No
    • Type: String
    • Description:Comma-separated list of S3 bucket names for which data events logging should be enabled. Default behavior checks for all S3 buckets.


Source *

CloudFormation Template

Share Template