bug: AwsSolutions-CFR3 does not support standard logs V2 #1876

Open
georeeve opened this issue Jan 14, 2025 · 0 comments · May be fixed by #1877
Labels
bug Something isn't working needs-triage This issue or PR still needs to be triaged.

Comments

@georeeve
Contributor

What is the problem?

AwsSolutions-CFR3 fails when a Distribution has standard logging V2 enabled:
AwsSolutions-CFR3: The CloudFront distribution does not have access logging enabled. Enabling access logs helps operators track all viewer requests for the content delivered through the Content Delivery Network.

Reproduction Steps

Standard logging V2 can't currently be configured by the Distribution template in CloudFormation. However, it can be configured using the AWS Logs templates (see this comment). A CDK solution is detailed in this comment. I think we would need to change the rule to also check if a CfnDeliverySource exists for the Distribution ARN with a log type of ACCESS_LOGS, and then possibly if a CfnDeliveryDestination and CfnDelivery exist too.

What did you expect to happen?

The linting to pass.

What actually happened?

The linting failed.

cdk-nag version

2.34.23

Language

TypeScript

Other information

No response

@georeeve georeeve added bug Something isn't working needs-triage This issue or PR still needs to be triaged. labels Jan 14, 2025
@georeeve georeeve linked a pull request Jan 14, 2025 that will close this issue
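
The check proposed in the issue, sketched as an added example over a synthesized CloudFormation template (this is not cdk-nag's code and not the linked pull request): a distribution passes with legacy logging, or with an ACCESS_LOGS DeliverySource that references it plus a Delivery that names that source. The sample template, the helper names and the legacy `Logging.Bucket` test are assumptions made for the illustration.

```typescript
// Added example; the template and all helper names are constructed.
type Template = { Resources: Record<string, { Type: string; Properties?: any }> };

// True if a CloudFormation value contains {Ref: id} or {"Fn::GetAtt": [id, ...]}.
function refersTo(value: any, id: string): boolean {
  if (value === null || typeof value !== "object") return false;
  if (value.Ref === id) return true;
  const getAtt = value["Fn::GetAtt"];
  if (Array.isArray(getAtt) && getAtt[0] === id) return true;
  return Object.keys(value).some((k) => refersTo(value[k], id));
}

// Logical ids of distributions with neither legacy logging nor a
// standard logging V2 chain (ACCESS_LOGS DeliverySource plus a Delivery).
function distributionsWithoutAccessLogs(t: Template): string[] {
  const props = (id: string) => t.Resources[id].Properties ?? {};
  const ofType = (type: string) =>
    Object.keys(t.Resources).filter((id) => t.Resources[id].Type === type);
  const deliveries = ofType("AWS::Logs::Delivery");
  // A source alone ships nothing: some Delivery must name it (by Ref or literal Name).
  const isDelivered = (src: string) => deliveries.some((d) => {
    const name = props(d).DeliverySourceName;
    return refersTo(name, src) || (typeof name === "string" && name === props(src).Name);
  });
  return ofType("AWS::CloudFront::Distribution").filter((dist) =>
    // Legacy standard logging lives on the distribution itself.
    props(dist).DistributionConfig?.Logging?.Bucket === undefined &&
    !ofType("AWS::Logs::DeliverySource").some((src) =>
      props(src).LogType === "ACCESS_LOGS" &&
      refersTo(props(src).ResourceArn, dist) && isDelivered(src)));
}

// Constructed sample: four distributions covering each outcome.
const dist = (logging?: object) => ({ Type: "AWS::CloudFront::Distribution",
  Properties: { DistributionConfig: logging ? { Logging: logging } : {} } });
const source = (name: string, distId: string) => ({ Type: "AWS::Logs::DeliverySource",
  Properties: { Name: name, LogType: "ACCESS_LOGS", ResourceArn: { "Fn::Join": ["",
    ["arn:aws:cloudfront::", { Ref: "AWS::AccountId" }, ":distribution/", { Ref: distId }]] } } });
const sampleTemplate: Template = { Resources: {
  LegacyDist: dist({ Bucket: "example-logs.s3.amazonaws.com" }),
  V2Dist: dist(), SourceOnlyDist: dist(), NoLogsDist: dist(),
  V2Source: source("v2-src", "V2Dist"),
  OrphanSource: source("orphan-src", "SourceOnlyDist"),
  V2Delivery: { Type: "AWS::Logs::Delivery",
    Properties: { DeliverySourceName: { Ref: "V2Source" } } },
} };
```

On the sample, `distributionsWithoutAccessLogs(sampleTemplate)` flags `SourceOnlyDist` and `NoLogsDist`: a DeliverySource with no Delivery attached still counts as logging not enabled.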