Rule: At least one enabled trail should be present in a region

This rule ensures the presence of at least one enabled trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: FedRAMP Low Revision 4
Severity: Low

Rule Description

The "At least one enabled trail should be present in a region for FedRAMP Low Revision 4" rule is a requirement under the FedRAMP Low security control standards. According to this rule, there must be at least one enabled trail present in each region to comply with the required security measures outlined in FedRAMP Low Revision 4.

Troubleshooting Steps (if any)

If you encounter any issues regarding the presence of an enabled trail in a region, follow these troubleshooting steps:

  1. Check the AWS Management Console: Log in to the AWS Management Console and navigate to the CloudTrail service.

  2. Verify the region: Ensure that you are in the correct region where the trail needs to be enabled.

  3. Check existing trails: Review the list of existing CloudTrail trails in the region and verify if they are all enabled.

  4. Enable the trail: If there are no enabled trails in the region, you need to enable CloudTrail.

Necessary Codes (if any)

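To enable a CloudTrail trail in a specific region, you can use the AWS Command Line Interface (CLI) with the following commands. The create-trail command creates the trail and start-logging turns it on, because a trail created from the CLI does not log until it is started:

# Create the trail (the S3 bucket must already exist with a bucket policy that lets CloudTrail write to it)
aws cloudtrail create-trail \
    --name <trail-name> \
    --s3-bucket-name <bucket-name> \
    --region <region-name> \
    --is-multi-region-trail \
    --include-global-service-events

# Start logging so the trail counts as enabled
aws cloudtrail start-logging \
    --name <trail-name> \
    --region <region-name>

Make sure to replace <trail-name> with a suitable name for the trail, <bucket-name> with the name of the S3 bucket where logs will be stored, and <region-name> with the specific region where the trail should be enabled.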

Step-by-Step Guide for Remediation

  1. Log in to the AWS Management Console.
  2. Open the CloudTrail service by navigating to the CloudTrail dashboard.
  3. Verify that you are in the correct region. If not, select the desired region from the region selector dropdown.
  4. Check the list of existing trails in the region. Ensure that there is at least one enabled trail.
  5. If there are no enabled trails, click on the "Create trail" button to enable a new trail.
  6. Provide a suitable name for the trail in the "Trail name" field.
  7. Select an S3 bucket where the CloudTrail logs will be stored. If a bucket does not already exist, you can create a new bucket by clicking on the "Create a new S3 bucket" button. Alternatively, you can choose an existing bucket from the dropdown list.
  8. Enable the "Apply trail to all regions" option if you want the trail to be multi-region enabled.
  9. Enable the "Include global service events" option if you want to capture events from AWS global services.
  10. Click on the "Create" button to create and enable the trail.
  11. Verify that the newly created trail is now listed and displayed as "Enabled" in the CloudTrail dashboard.
  12. Repeat these steps for each region to ensure compliance with the FedRAMP Low Revision 4 requirement.

By following these steps, you can ensure that at least one enabled trail is present in each region as per the FedRAMP Low Revision 4 security control standards.
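The per-region check that the steps above perform by hand can be scripted. The following is an added example, not code from this page or from AWS: the function names and sample data are constructed, and it assumes trail records shaped like describe-trails output plus the IsLogging value from get-trail-status.

```python
"""Evaluate the 'at least one enabled trail per region' rule (added example)."""


def uncovered_regions(regions, trails, logging_by_arn):
    """Return the regions that have no enabled trail.

    trails: entries shaped like describe-trails trailList items.
    logging_by_arn: TrailARN -> IsLogging value from get-trail-status.
    A trail covers its HomeRegion, or every region if IsMultiRegionTrail.
    """
    covered = set()
    for trail in trails:
        if not logging_by_arn.get(trail["TrailARN"], False):
            continue  # a trail that exists but is not logging does not count
        if trail.get("IsMultiRegionTrail"):
            covered.update(regions)
        else:
            covered.add(trail["HomeRegion"])
    return sorted(set(regions) - covered)


def collect(regions):
    """Gather live data with boto3 (needs credentials; not used by the sample)."""
    import boto3  # imported lazily so the offline sample runs without it
    trails, logging_by_arn = {}, {}
    for region in regions:
        client = boto3.client("cloudtrail", region_name=region)
        for t in client.describe_trails(includeShadowTrails=False)["trailList"]:
            trails[t["TrailARN"]] = t
            status = client.get_trail_status(Name=t["TrailARN"])
            logging_by_arn[t["TrailARN"]] = status["IsLogging"]
    return list(trails.values()), logging_by_arn


# Constructed sample data (account ID and trail names are placeholders).
SAMPLE_REGIONS = ["us-east-1", "us-west-2", "eu-west-1"]
SAMPLE_TRAILS = [
    {"Name": "east-only", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/east-only"},
    {"Name": "stopped", "HomeRegion": "us-west-2", "IsMultiRegionTrail": True,
     "TrailARN": "arn:aws:cloudtrail:us-west-2:111122223333:trail/stopped"},
]
SAMPLE_LOGGING = {SAMPLE_TRAILS[0]["TrailARN"]: True,
                  SAMPLE_TRAILS[1]["TrailARN"]: False}

if __name__ == "__main__":
    print(uncovered_regions(SAMPLE_REGIONS, SAMPLE_TRAILS, SAMPLE_LOGGING))
```

In the sample, the multi-region trail exists but is stopped, so it covers nothing and two regions are reported as failing the rule.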
