AWS Config Rule: CodeBuild Project Logging Enabled
CODEBUILD_PROJECT_LOGGING_ENABLED
Ryan Ware
Last Update 4 months ago
Description: Checks if an AWS CodeBuild project environment has at least one log option enabled. The rule is NON_COMPLIANT if the status of all present log configurations is set to 'DISABLED'.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region
How to Resolve Manually
This AWS Config Rule will check for Logging being enabled for your CodeBuild Project. To ensure your CodeBuild Project is compliant - you will need to have either CloudWatch Logs or S3 Logs enabled.
To enable this if your project does not have either of these enabled currently, head on over to the CodeBuild dashboard and edit your CodeBuild Project.
From here, edit the logs and tick either CloudWatch or S3 Logs as destination. You can leave the CloudWatch Group Name blank and AWS will create one for you based off the name of your CodeBuild Project
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here