
Rule: At Least One Multi-Region AWS CloudTrail Presence Required

Ensure at least one multi-region AWS CloudTrail is present in the account for enhanced security

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule Description

The rule requires that at least one multi-region AWS CloudTrail exists in the account for FedRAMP Moderate Revision 4 compliance. AWS CloudTrail records the API calls made in your AWS account, which supports governance, compliance, operational auditing, and risk auditing. A single-region trail records only activity in its home region, so an attacker who operates in a region you do not normally use leaves no trace in it. A multi-region trail records management events from every region, including regions enabled later, and records global service events (for example IAM and STS calls) once, so there are no gaps in coverage.

Troubleshooting Steps

  1. Ensure that you have the necessary permissions to configure CloudTrail.
  2. Check whether any AWS CloudTrail trails already exist in the account.
  3. Verify whether an existing trail is configured as multi-region and is currently logging.

Necessary Codes

No specific code is required for this rule. You will use the AWS CLI or the AWS Management Console to check and configure CloudTrail; in CLI output the field to look for is IsMultiRegionTrail.

Remediation Steps

Checking Existing AWS CloudTrail Configurations

  1. AWS Management Console

    • Sign in to the AWS Management Console.
    • Open the CloudTrail service and choose "Trails".
    • Check whether any trails exist in the account.
    • For each trail, check whether it is marked as a multi-region trail (shown in the trail list and on the trail's details page), and that its status is "Logging". If no multi-region trail is logging, continue to the next steps.
  2. AWS CLI

    • Install and configure the AWS CLI on your local machine.
    • Open a terminal or command prompt.
    • Run the following command to list the existing trails. By default the output also includes shadow copies of multi-region and organization trails whose home region is elsewhere, so the same trail may appear more than once:
      aws cloudtrail describe-trails
      
    • Look for a trail with "IsMultiRegionTrail": true in the output. Then confirm that the trail is actually delivering logs (get-trail-status must report IsLogging as true), because a multi-region trail that has been stopped satisfies the intent of the rule no better than no trail at all. If no multi-region trail is logging, continue to the next steps.

Creating a Multi-Region AWS CloudTrail

  1. AWS Management Console

    • Sign in to the AWS Management Console.
    • Open the CloudTrail service.
    • Click on "Trails" in the left navigation menu.
    • Click on the "Create trail" button.
    • Provide a name for the new trail.
    • Select (or create) the S3 bucket where the trail logs will be stored. If you use an existing bucket, its bucket policy must allow the CloudTrail service to write to it, and it should not be readable by principals who do not need the logs.
    • Make sure the trail is applied to all regions (multi-region). The current console enables this by default for new trails, so leave it on.
    • Configure other settings as required (e.g., log file validation, SSE-KMS encryption, CloudWatch Logs integration). Log file validation is recommended because the signed digest files let you detect tampering with delivered log files.
    • Click "Create trail". Trails created in the console start logging immediately.
  2. AWS CLI

    • Install and configure the AWS CLI on your local machine.
    • Open a terminal or command prompt.
    • Run the following command to create a multi-region trail (the flag is --is-multi-region-trail; the bucket must already exist with a policy that allows CloudTrail to write to it; add --enable-log-file-validation to get signed digest files):
      aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail
      
    • A trail created with the CLI or API does not record anything until logging is started explicitly, so this second command is mandatory:
      aws cloudtrail start-logging --name <trail-name>
      
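The check and the remediation above, written as one script so it can run as a scheduled job or Lambda. This is an added example, not Cloud Defense's or AWS's own code. It assumes boto3 with credentials allowed to call cloudtrail:DescribeTrails, GetTrailStatus, CreateTrail and StartLogging; the names TRAIL_NAME and BUCKET are assumed, and the bucket is assumed to already exist with a policy that lets the CloudTrail service write to it. The logic takes a client object, so it is also exercised offline against the constructed FakeCloudTrail class at the bottom, which starts in the common failing state: a single-region trail that logs and a multi-region trail that someone stopped.

```python
"""Check that an account has a multi-region CloudTrail that is actually logging,
and create one if it does not.

Added example (not Cloud Defense's or AWS's code). The live path assumes boto3;
the logic takes a client object so it can be exercised offline against
FakeCloudTrail below. TRAIL_NAME and BUCKET are assumed names; the bucket must
already exist with a policy that lets the CloudTrail service write to it.
"""
from __future__ import annotations

from typing import Any

TRAIL_NAME = "account-multi-region-trail"  # assumed trail name
BUCKET = "example-cloudtrail-logs"         # assumed, pre-existing bucket


def compliant_trails(client: Any) -> list[str]:
    """Return the names of trails that satisfy the rule.

    describe_trails in any region also returns shadow copies of multi-region and
    organization trails whose home region is elsewhere, so results are keyed by
    ARN to avoid counting one trail several times. A trail only counts if it is
    multi-region AND currently logging: a multi-region trail that was stopped
    with stop-logging (a common post-compromise move) gives no coverage.
    """
    seen: set[str] = set()
    names: list[str] = []
    for trail in client.describe_trails(includeShadowTrails=True).get("trailList", []):
        arn = trail["TrailARN"]
        if arn in seen or not trail.get("IsMultiRegionTrail", False):
            continue
        seen.add(arn)
        # get_trail_status needs the ARN for a trail homed in another region.
        if client.get_trail_status(Name=arn).get("IsLogging", False):
            names.append(trail["Name"])
    return names


def create_multi_region_trail(client: Any, name: str = TRAIL_NAME, bucket: str = BUCKET) -> str:
    """Create a multi-region trail and start it; returns the trail ARN.

    create_trail alone leaves the trail stopped (the console starts new trails
    for you, the API does not), so start_logging is mandatory.
    """
    resp = client.create_trail(
        Name=name,
        S3BucketName=bucket,
        IsMultiRegionTrail=True,
        IncludeGlobalServiceEvents=True,  # IAM/STS events, recorded once
        EnableLogFileValidation=True,     # signed digests expose tampering
    )
    client.start_logging(Name=name)
    return resp["TrailARN"]


def ensure_compliant(client: Any) -> tuple[bool, list[str]]:
    """Return (already_compliant, compliant trail names after remediation)."""
    before = compliant_trails(client)
    if before:
        return True, before
    create_multi_region_trail(client)
    return False, compliant_trails(client)


class FakeCloudTrail:
    """Constructed stand-in for boto3's CloudTrail client (offline runs only).

    Initial state: one single-region trail that is logging, and one
    multi-region trail that exists but has been stopped.
    """

    def __init__(self) -> None:
        self.trails: dict[str, dict[str, Any]] = {
            "arn:aws:cloudtrail:us-east-1:123456789012:trail/legacy-single":
                {"Name": "legacy-single", "IsMultiRegionTrail": False, "logging": True},
            "arn:aws:cloudtrail:eu-west-1:123456789012:trail/stopped-global":
                {"Name": "stopped-global", "IsMultiRegionTrail": True, "logging": False},
        }

    def describe_trails(self, includeShadowTrails: bool = True) -> dict[str, Any]:
        trail_list = [{"Name": t["Name"], "TrailARN": arn, "IsMultiRegionTrail": t["IsMultiRegionTrail"]}
                      for arn, t in self.trails.items()]
        if includeShadowTrails:  # shadow copies of multi-region trails, same ARN
            trail_list = trail_list + [dict(x) for x in trail_list if x["IsMultiRegionTrail"]]
        return {"trailList": trail_list}

    def get_trail_status(self, Name: str) -> dict[str, Any]:
        return {"IsLogging": self.trails[Name]["logging"]}

    def create_trail(self, Name: str, S3BucketName: str, **kwargs: Any) -> dict[str, Any]:
        arn = f"arn:aws:cloudtrail:us-east-1:123456789012:trail/{Name}"
        self.trails[arn] = {"Name": Name, "IsMultiRegionTrail": kwargs.get("IsMultiRegionTrail", False),
                            "logging": False}  # new trails start stopped, as in the real API
        return {"Name": Name, "TrailARN": arn, "IsMultiRegionTrail": self.trails[arn]["IsMultiRegionTrail"]}

    def start_logging(self, Name: str) -> dict[str, Any]:
        for arn, t in self.trails.items():  # the real API accepts a name or an ARN
            if Name in (arn, t["Name"]):
                t["logging"] = True
        return {}


if __name__ == "__main__":
    import boto3  # only needed for the live path

    already, trails = ensure_compliant(boto3.client("cloudtrail"))
    print("compliant before:", already, "compliant trails now:", trails)
```

Run against FakeCloudTrail, compliant_trails returns an empty list (the only multi-region trail is stopped), ensure_compliant creates and starts the new trail, and a second call reports the account as already compliant. The live path differs only in the client passed in.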

Conclusion

By following the above steps, you can ensure that at least one multi-region AWS CloudTrail is present and logging in an account for FedRAMP Moderate Revision 4 compliance. It is essential for maintaining governance, compliance, and auditing of your AWS account activity across all regions, including the ones you do not normally use.
