
Ensure CloudTrail is enabled in all regions Rule

This rule ensures CloudTrail is enabled in all regions for compliance

Rule: Ensure CloudTrail is enabled in all regions
Framework: cis_v150
Severity: Critical

CIS Version: 1.5.0

Description:

CloudTrail is the AWS service that records the API calls made in an account: which principal called which API, from where, and when. CloudTrail is regional, so a trail configured for a single region captures nothing from the other regions, including regions the account never intentionally uses, which is exactly where an attacker with stolen credentials can operate unobserved. A multi-region trail records management events from every region, together with global service events such as IAM and STS calls, into one S3 bucket, giving the account-wide visibility and audit history that security monitoring and compliance require.

Rule:

Ensure CloudTrail is enabled in all regions

Severity Level:

High

Remediation:

Follow the steps below to enable CloudTrail in all regions. The control is satisfied by one multi-region trail, not by a separate trail in each region:

  1. Sign in to the AWS Management Console.
  2. Go to the CloudTrail management console.
  3. Click on "Trails" in the left navigation menu.
  4. Click on "Create trail" to create a new trail.
  5. Enter a name for the trail and make sure it applies to all regions. Depending on the console version this is either the default for a new trail or an explicit "Apply trail to all regions" option that must be set to "Yes". The region you are working in only determines the trail's home region; it does not limit what the trail records.
  6. Select the S3 bucket to store the CloudTrail logs. If you don't have an S3 bucket, create one and attach a bucket policy that lets the CloudTrail service principal (cloudtrail.amazonaws.com) write logs to it; the console can create the bucket and policy for you.
  7. Enable log file validation by selecting "Yes" for "Enable log file validation", so that later tampering with delivered log files can be detected.
  8. Under the event settings, keep management events enabled with both Read and Write events selected. A write-only trail misses reconnaissance calls such as Describe* and List* requests.
  9. Choose the appropriate settings for the remaining options (SNS notifications, CloudWatch Logs delivery, KMS encryption of the log files) based on your requirements.
  10. Click on "Create trail" to create the CloudTrail trail, then confirm that its status shows "Logging".

Verification:

To verify that CloudTrail is enabled in all regions, follow the steps below:

  1. Open the AWS Management Console.
  2. Go to the CloudTrail management console.
  3. Click on "Trails" in the left navigation menu. The trail list shows trails from every region, including the shadow copies of multi-region trails, so you do not need to switch regions.
  4. Check that at least one trail has "Multi-region trail" set to "Yes". A collection of single-region trails, one per region, is not what the control asks for: any region added or opted into later would be left uncovered.
  5. Verify that the status of that trail is "Logging", that its management events cover both Read and Write, and that there are no error or warning messages (for example a delivery error caused by a missing bucket permission).
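The remediation procedure above and the verification that follows it, in API form. This is an added example written for this page, not the vendor's or AWS's own code. It targets the boto3 CloudTrail client methods describe_trails, get_trail_status, get_event_selectors, create_trail, put_event_selectors and start_logging; the FakeCloudTrail class, the trail and bucket names and the account number are constructed stand-ins so the module runs offline. Log file validation is reported as a finding because the remediation steps enable it, although the CIS control itself only requires a multi-region trail that is logging all management events.

```python
"""Audit and remediate the CIS 'CloudTrail enabled in all regions' control. Added example,
not the page vendor's or AWS's code; FakeCloudTrail is a constructed offline stand-in for boto3."""
from __future__ import annotations


def _records_all_management_events(selectors: dict) -> bool:
    """True when read AND write management events are recorded, for either
    classic EventSelectors or AdvancedEventSelectors (as get_event_selectors returns them)."""
    for sel in selectors.get("EventSelectors", []):
        if sel.get("IncludeManagementEvents") and sel.get("ReadWriteType") == "All":
            return True
    for sel in selectors.get("AdvancedEventSelectors", []):
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        # A Management selector without a readOnly filter covers reads and writes.
        if "Management" in fields.get("eventCategory", {}).get("Equals", []) and "readOnly" not in fields:
            return True
    return False


def trail_findings(trail: dict, status: dict, selectors: dict) -> list[str]:
    """Reasons one trail fails the control; an empty list means it passes."""
    reasons = []
    if not trail.get("IsMultiRegionTrail"):
        reasons.append("not a multi-region trail")
    if not status.get("IsLogging"):
        reasons.append("logging is stopped")
    if not _records_all_management_events(selectors):
        reasons.append("does not record all management events")
    if not trail.get("LogFileValidationEnabled"):
        reasons.append("log file validation disabled")
    return reasons


def audit(client) -> dict[str, list[str]]:
    """Findings per trail; shadow copies of multi-region trails are visible from any region."""
    results = {}
    for trail in client.describe_trails(includeShadowTrails=True)["trailList"]:
        arn = trail["TrailARN"]  # an ARN resolves from any region; a bare name only in the home region
        results[trail["Name"]] = trail_findings(
            trail, client.get_trail_status(Name=arn), client.get_event_selectors(TrailName=arn))
    return results


def account_compliant(findings: dict[str, list[str]]) -> bool:
    """The account passes when at least one trail has no findings."""
    return any(not reasons for reasons in findings.values())


def remediate(client, name: str, bucket: str) -> None:
    """API form of the console steps; the bucket policy must already allow cloudtrail.amazonaws.com."""
    client.create_trail(Name=name, S3BucketName=bucket,
                        IsMultiRegionTrail=True, EnableLogFileValidation=True)
    client.put_event_selectors(TrailName=name, EventSelectors=[
        {"ReadWriteType": "All", "IncludeManagementEvents": True}])
    client.start_logging(Name=name)  # a new trail records nothing until this call


class FakeCloudTrail:
    """Constructed in-memory substitute for boto3.client('cloudtrail')."""
    def __init__(self, region="us-east-1", account="123456789012"):
        self.arn_prefix, self._trails = f"arn:aws:cloudtrail:{region}:{account}:trail/", {}

    def _get(self, name_or_arn):
        return self._trails[name_or_arn.rsplit("/", 1)[-1]]

    def create_trail(self, Name, S3BucketName, IsMultiRegionTrail=False, EnableLogFileValidation=False, **_):
        self._trails[Name] = {
            "trail": {"Name": Name, "S3BucketName": S3BucketName, "TrailARN": self.arn_prefix + Name,
                      "IsMultiRegionTrail": IsMultiRegionTrail, "LogFileValidationEnabled": EnableLogFileValidation},
            "logging": False,
            "selectors": {"EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True}]}}
        return self._trails[Name]["trail"]

    def describe_trails(self, **_):
        return {"trailList": [t["trail"] for t in self._trails.values()]}

    def get_trail_status(self, Name):
        return {"IsLogging": self._get(Name)["logging"]}

    def get_event_selectors(self, TrailName):
        return self._get(TrailName)["selectors"]

    def put_event_selectors(self, TrailName, EventSelectors=None, AdvancedEventSelectors=None):
        self._get(TrailName)["selectors"] = {"EventSelectors": EventSelectors or [],
                                             "AdvancedEventSelectors": AdvancedEventSelectors or []}

    def start_logging(self, Name):
        self._get(Name)["logging"] = True


def demo() -> tuple[bool, bool]:
    """Constructed scenario: the only trail is single-region and write-only; returns (before, after)."""
    ct = FakeCloudTrail()
    ct.create_trail(Name="legacy-trail", S3BucketName="legacy-logs")
    ct.put_event_selectors(TrailName="legacy-trail", EventSelectors=[
        {"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True}])
    ct.start_logging(Name="legacy-trail")
    before = account_compliant(audit(ct))
    remediate(ct, "all-regions-trail", "central-cloudtrail-logs")
    return before, account_compliant(audit(ct))
```

Against a real account, replace FakeCloudTrail() with boto3.client("cloudtrail", region_name=...) and call audit(); the caller needs read permissions on CloudTrail (DescribeTrails, GetTrailStatus, GetEventSelectors), and remediate() additionally needs CreateTrail, PutEventSelectors and StartLogging plus a bucket policy that already admits the CloudTrail service principal, since create_trail fails otherwise.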

Troubleshooting Steps:

If you encounter any issues while enabling CloudTrail in all regions, refer to the following troubleshooting steps:

  1. Check that you have the necessary permissions to create and configure CloudTrail trails. Ensure that you are using an IAM user or role with the required permissions.
  2. Make sure that the S3 bucket specified for storing CloudTrail logs has a bucket policy that grants the CloudTrail service principal write access. Without it, trail creation fails or the trail is created but shows a delivery error.
  3. Verify that the trail is a multi-region trail. A single-region trail, even one in the region you are working in, does not satisfy this control; an existing trail can be converted by editing it and applying it to all regions rather than recreating it.
  4. Check whether an existing trail already uses the same name. Each trail must have a unique name within a region.
  5. Ensure that the CloudTrail service is not currently undergoing maintenance or experiencing any known issues by checking the AWS Service Health Dashboard.

Additional Notes:

Enabling CloudTrail in all regions provides a comprehensive view of API activity across the AWS account, including regions the account does not normally use. This is crucial for detecting unauthorized access and for reconstructing what happened during an incident, and it supports compliance requirements by maintaining an audit trail of API calls and configuration changes. The trail itself is a target: an attacker with sufficient access can stop logging, delete the trail, or narrow it to one region, so treat StopLogging, DeleteTrail and UpdateTrail events as alerts and restrict who can modify the trail and its log bucket.
