Rule: Presence of Multi-Region AWS CloudTrail
This rule ensures at least one multi-region AWS CloudTrail is present in the account.
| Rule | At least one multi-region AWS CloudTrail should be present in an account |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ Medium |
Rule Description:
To comply with the FedRAMP Moderate Revision 4, it is required to have at least one multi-region AWS CloudTrail configured in your AWS account. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
Troubleshooting Steps:
If you do not have a multi-region AWS CloudTrail configured in your account, follow the steps below to troubleshoot and address the issue:
1. Check CloudTrail Settings:
- 1.Go to the AWS Management Console and sign in to your AWS account.
- 2.Navigate to the CloudTrail service.
- 3.Check if there is an existing CloudTrail configured.
- 4.Verify if the CloudTrail is set up as multi-region. If not, you need to modify the configuration.
2. Modify CloudTrail Configuration:
If your existing CloudTrail is not multi-region, you can modify its configuration to enable multi-region logging.
- 1.In the CloudTrail console, select your CloudTrail.
- 2.Click on the "Edit" button.
- 3.Under "Trail settings," locate the "Multi-Region" section.
- 4.Enable the "Multi-Region" option.
- 5.Review and adjust other settings as necessary.
- 6.Click "Save changes" to apply the modifications.
If you don't have an existing CloudTrail or would like to create a new one, follow the steps below:
3. Create a Multi-Region CloudTrail:
- 1.In the CloudTrail console, click on the "Create trail" button.
- 2.Enter a trail name and optionally provide a description.
- 3.Select your preferred storage location for the log files.
- 4.Under the "Management events" section, select the specific events you want to capture.
- 5.Enable the "Data events" section if required.
- 6.In the "Storage location" section, choose an S3 bucket where the log files will be stored.
- 7.Customize other settings as per your requirements.
- 8.In the "Multi-Region" section, enable the "Multi-Region" option.
- 9.Click "Create" to create the CloudTrail.
Neccessary Codes:
No specific code is required to resolve this issue. The configuration of multi-region logging can be done through the CloudTrail console.
Remediation Steps:
To ensure compliance with the FedRAMP Moderate Revision 4, follow the step-by-step guide below to create a multi-region AWS CloudTrail:
- 1.Login to your AWS Management Console.
- 2.Navigate to the CloudTrail service.
- 3.Click on the "Create trail" button.
- 4.Enter a unique name and description for the trail.
- 5.Select your preferred storage location for the log files.
- 6.Under the "Management events" section, select the specific events you want to capture.
- 7.Enable the "Data events" section if required.
- 8.In the "Storage location" section, choose an S3 bucket where the log files will be stored.
- 9.Customize other settings according to your needs.
- 10.In the "Multi-Region" section, enable the "Multi-Region" option.
- 11.Click on the "Create" button to create the multi-region CloudTrail.
- 12.Verify that the CloudTrail is created successfully and active.
- 13.Monitor the CloudTrail logs regularly to ensure the successful recording of events across regions.
By following these steps, you will have a multi-region AWS CloudTrail configured in compliance with the FedRAMP Moderate Revision 4 requirements.