Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security Hub controls for DataSync

These Security Hub controls evaluate the Amazon DataSync service and resources.

These controls may not be available in all Amazon Web Services Regions. For more information, see Availability of controls by Region.

[DataSync.1] DataSync tasks should have logging enabled

Category: Identify > Logging

Severity: Medium

Resource type: AWS::DataSync::Task

Amazon Config rule: datasync-task-logging-enabled

Schedule type: Change triggered

Parameters: None

This control checks whether an Amazon DataSync task has logging enabled. The control fails if the task doesn't have logging enabled.

Audit logs track and monitor system activities. They provide a record of events that can help you detect security breaches, investigate incidents, and comply with regulations. Audit logs also enhance the overall accountability and transparency of your organization.

Remediation

To configure logging for DataSync tasks, see Configuring logging for your DataSync transfer task in the Amazon DataSync User Guide