This rule ensures CloudTrail is enabled in all regions for compliance.
Rule | Ensure CloudTrail is enabled in all regions |
Framework | cis_v140 |
Severity | Medium |
Rule Description
This rule checks that the account has at least one multi-region CloudTrail trail that is actively logging, with management events captured for both read and write API calls, so that activity in every AWS region (and in global services such as IAM and STS) is recorded, as required by cis_v140 control 3.1. A single trail configured as multi-region satisfies the control; one trail per region does not need to exist.
Troubleshooting Steps
If the check fails, work through the following troubleshooting steps:
Verify IAM Permissions: The user or role doing the remediation needs cloudtrail:DescribeTrails, cloudtrail:GetTrailStatus, cloudtrail:CreateTrail, cloudtrail:UpdateTrail and cloudtrail:StartLogging, plus s3:PutBucketPolicy on the log bucket. The AWS managed policy AWSCloudTrail_FullAccess grants all of these; a customer managed policy scoped to those actions and that bucket is the least-privilege choice.
Check CloudTrail Status: A trail can exist and still deliver nothing. Run aws cloudtrail get-trail-status --name <trail_name> (or open the trail in the CloudTrail console) and confirm IsLogging is true; if it is false, someone called StopLogging and the trail must be started again.
Review Region Configuration: Run aws cloudtrail describe-trails and confirm at least one trail has IsMultiRegionTrail set to true. Then run aws cloudtrail get-event-selectors --trail-name <trail_name> and confirm management events are included with ReadWriteType All (basic selectors) or a Management event category selector with no readOnly restriction (advanced selectors). A trail that records only WriteOnly events does not satisfy the control.
Validate Logging Buckets: Confirm the S3 bucket named in S3BucketName exists and that its bucket policy lets the service principal cloudtrail.amazonaws.com call s3:GetBucketAcl on the bucket and s3:PutObject under the AWSLogs/<account-id>/ prefix. If delivery is failing, get-trail-status reports the cause in LatestDeliveryError.
Review Event History: CloudTrail Event history in the console holds the last 90 days of management events. Search it for StopLogging, DeleteTrail, UpdateTrail and PutEventSelectors calls to find out who turned logging off or narrowed it, and when.
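The conditions listed in the troubleshooting steps can be evaluated offline from the API responses. The following is an added example, not code from this rule page or from AWS: it takes dictionaries shaped like the output of aws cloudtrail describe-trails, get-trail-status and get-event-selectors, handles both basic and advanced event selectors, and reports every reason a trail fails. The sample trails at the bottom are constructed, and the function names are this example's own.

```python
"""Offline evaluation of the CIS v1.4.0 3.1 conditions for an AWS account.

Added example for this rule page, not code from the page or from AWS.
The inputs are dictionaries shaped like the responses of
`aws cloudtrail describe-trails`, `aws cloudtrail get-trail-status` and
`aws cloudtrail get-event-selectors`; the sample data at the bottom is
constructed for illustration. Function names are this example's own.
"""
from typing import Dict, List


def records_all_management_events(selectors: dict) -> bool:
    """True if a get-event-selectors response records read AND write management events."""
    # Basic selectors: ReadWriteType must be "All", not "ReadOnly" or "WriteOnly".
    for sel in selectors.get("EventSelectors", []):
        if sel.get("IncludeManagementEvents") and sel.get("ReadWriteType") == "All":
            return True
    # Advanced selectors: a Management selector with no readOnly field covers both.
    for sel in selectors.get("AdvancedEventSelectors", []):
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        category = fields.get("eventCategory", {}).get("Equals", [])
        if category == ["Management"] and "readOnly" not in fields:
            return True
    return False


def trail_failures(trail: dict, status: dict, selectors: dict) -> List[str]:
    """Return the reasons one trail does not satisfy the control (empty list = satisfies it)."""
    reasons = []
    if not trail.get("IsMultiRegionTrail"):
        reasons.append("IsMultiRegionTrail is false")
    if not status.get("IsLogging"):
        reasons.append("IsLogging is false")
    if not records_all_management_events(selectors):
        reasons.append("no selector records all management events")
    # Beyond the CIS audit text, but the first thing to check when logs never arrive:
    if status.get("LatestDeliveryError"):
        reasons.append("LatestDeliveryError: " + status["LatestDeliveryError"])
    return reasons


def account_passes(trails: List[dict], statuses: Dict[str, dict],
                   selectors: Dict[str, dict]) -> bool:
    """The control passes if at least one trail in the account has no failures."""
    return any(
        not trail_failures(t, statuses.get(t["Name"], {}), selectors.get(t["Name"], {}))
        for t in trails
    )


# Constructed sample data: one legacy single-region trail, one organization trail.
SAMPLE_TRAILS = [
    {"Name": "legacy-us-east-1", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "S3BucketName": "legacy-logs"},
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IncludeGlobalServiceEvents": True, "S3BucketName": "org-cloudtrail-logs"},
]
SAMPLE_STATUS = {
    "legacy-us-east-1": {"IsLogging": True},
    "org-trail": {"IsLogging": True, "LatestDeliveryTime": "2024-05-01T10:00:00Z"},
}
SAMPLE_SELECTORS = {
    "legacy-us-east-1": {"EventSelectors": [
        {"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True}]},
    "org-trail": {"AdvancedEventSelectors": [
        {"Name": "Management events",
         "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Management"]}]}]},
}

if __name__ == "__main__":
    for t in SAMPLE_TRAILS:
        print(t["Name"], trail_failures(t, SAMPLE_STATUS[t["Name"]], SAMPLE_SELECTORS[t["Name"]]))
    print("account passes:", account_passes(SAMPLE_TRAILS, SAMPLE_STATUS, SAMPLE_SELECTORS))
```

To run this against a live account, feed it the Trails list from describe-trails and, for each trail name, the get-trail-status and get-event-selectors responses; the evaluation logic does not change. Note that the legacy trail in the sample fails on two counts at once, which is why the function returns every reason rather than stopping at the first.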
Code Samples
The control is satisfied by one multi-region trail, not by a separate trail created in each region (the original one-liner also called a non-existent aws cloudtrail describe-regions command; regions are listed by aws ec2 describe-regions). A multi-region trail automatically covers regions that AWS adds later and records global-service events. With the AWS CLI, create such a trail and start logging:

aws cloudtrail create-trail --name <your_trail_name> --s3-bucket-name <your_bucket_name> --is-multi-region-trail --include-global-service-events --enable-log-file-validation
aws cloudtrail start-logging --name <your_trail_name>

If a single-region trail already exists, convert it rather than adding a second one:

aws cloudtrail update-trail --name <your_trail_name> --is-multi-region-trail

Replace <your_trail_name> with the desired name for the trail and <your_bucket_name> with the S3 bucket that will store the logs. The bucket policy must already allow the service principal cloudtrail.amazonaws.com to call s3:GetBucketAcl on the bucket and s3:PutObject under the AWSLogs/<account-id>/ prefix, otherwise create-trail fails with InsufficientS3BucketPolicyException. Confirm the result with aws cloudtrail describe-trails (IsMultiRegionTrail is true) and aws cloudtrail get-trail-status --name <your_trail_name> (IsLogging is true).
Remediation Steps
To remediate the non-compliance, follow these step-by-step instructions:
1. Open the AWS Management Console, navigate to the CloudTrail service and open Trails.
2. Check whether any existing trail is already a multi-region trail. If a trail exists but is limited to its home region, edit it and enable it for all regions (the CLI equivalent is update-trail --is-multi-region-trail) instead of creating additional per-region trails.
3. If no suitable trail exists, create a new one and leave it enabled for all regions. Choose the S3 bucket for log storage: the console can create a new bucket and writes the required bucket policy for you, or you can select an existing bucket.
4. For an existing bucket, add a bucket policy statement that allows the service principal cloudtrail.amazonaws.com to call s3:GetBucketAcl on the bucket and s3:PutObject on AWSLogs/<account-id>/* with the bucket-owner-full-control ACL. Grant nothing broader: trail logs reveal every API call in the account, so keep Block Public Access on and restrict read access to the identities that need it.
5. Under event settings, keep management events selected with both Read and Write API activity; a write-only trail does not satisfy the control.
6. Make sure logging is started (the trail's status shows Logging on, and get-trail-status reports IsLogging true), then confirm that new objects appear under the AWSLogs/ prefix in the bucket.
7. Once a multi-region trail is logging with the settings above, re-run the check to re-validate compliance with cis_v140.
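The bucket policy in step 4 is where remediation most often goes wrong: too little and delivery fails silently (surfacing only as LatestDeliveryError), too much and the audit log bucket is readable by the world. The following is an added example, not code from this rule page or from AWS. It builds the minimal policy AWS documents for CloudTrail delivery, pinned to a single trail with aws:SourceArn, and checks an arbitrary existing bucket policy for the two grants CloudTrail needs and for statements open to any principal. The bucket, account and trail values are constructed placeholders, and the function names are this example's own.

```python
"""Build and check the S3 bucket policy CloudTrail needs to deliver logs.

Added example for this rule page, not code from the page or from AWS. The
statements follow the bucket policy AWS documents for CloudTrail delivery:
the service principal needs s3:GetBucketAcl on the bucket and s3:PutObject
under AWSLogs/<account-id>/ with bucket-owner-full-control. Bucket, account
and trail values below are constructed placeholders; function names are
this example's own.
"""
import fnmatch
import json
from typing import List

CLOUDTRAIL_PRINCIPAL = "cloudtrail.amazonaws.com"


def cloudtrail_bucket_policy(bucket: str, account_id: str, trail_arn: str) -> dict:
    """Minimal policy; aws:SourceArn pins each grant to one trail (confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_PRINCIPAL},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}},
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_PRINCIPAL},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control",
                    "aws:SourceArn": trail_arn,
                }},
            },
        ],
    }


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _service_allows(stmt: dict, action: str, resource: str) -> bool:
    """True if an Allow statement for the CloudTrail service covers action on resource."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if CLOUDTRAIL_PRINCIPAL not in services:
        return False
    # IAM's * and ? wildcards map onto fnmatch for these simple ARN patterns.
    return any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt.get("Action", []))) and \
        any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", [])))


def missing_cloudtrail_grants(policy: dict, bucket: str, account_id: str) -> List[str]:
    """Return the required actions that no statement grants to CloudTrail for this bucket/account."""
    # A representative object key under the prefix CloudTrail actually writes to.
    sample_key = f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/CloudTrail/us-east-1/sample.json.gz"
    required = {"s3:GetBucketAcl": f"arn:aws:s3:::{bucket}", "s3:PutObject": sample_key}
    statements = _as_list(policy.get("Statement", []))
    return [action for action, resource in required.items()
            if not any(_service_allows(s, action, resource) for s in statements)]


def public_statements(policy: dict) -> List[str]:
    """Sids of Allow statements open to any principal: never acceptable on an audit-log bucket."""
    public = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and (principal == "*" or "*" in aws):
            public.append(stmt.get("Sid", "<no Sid>"))
    return public


if __name__ == "__main__":
    policy = cloudtrail_bucket_policy("org-cloudtrail-logs", "123456789012",
                                      "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail")
    print(json.dumps(policy, indent=2))
    print("missing:", missing_cloudtrail_grants(policy, "org-cloudtrail-logs", "123456789012"))
    print("public:", public_statements(policy))
```

The checker deliberately matches against a representative object key rather than the prefix string itself, so a policy that grants s3:PutObject on the whole bucket (Resource ending in /*) is still recognised as sufficient, while a policy scoped to a different account's AWSLogs/ prefix, the usual mistake in organization trails, is reported as missing s3:PutObject. An organization trail writing member-account logs needs the write statement repeated for each member account ID or for AWSLogs/<org-id>/*.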