
Rule: At Least One Enabled Trail should be Present in a Region

Check if at least one enabled CloudTrail trail is present in a specific region for audit and accountability compliance.

Rule: At least one enabled trail should be present in a region
Framework: FedRAMP Moderate Revision 4
Severity: Low

Rule Description:

According to the FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4, it is mandatory to have at least one enabled trail present in a specific region. This requirement serves to ensure proper monitoring and auditing of activities within the region.

Troubleshooting Steps:

In case the required trail is not found or not enabled, follow these troubleshooting steps:

  1. Verify the existence of a trail: Check if there is already a trail enabled in the specific region. Use the AWS Management Console, AWS CLI (Command Line Interface), or AWS SDKs (Software Development Kits) to confirm the presence of a trail.

  2. Check trail status: If a trail exists, ensure that it is in an enabled state. If the status is not "enabled," follow the remediation steps to enable the trail.

  3. Confirm the correct region: Double-check that the trail is created in the correct region as required by the policy. If necessary, create a new trail in the correct region.

  4. Validate permissions: Ensure that the IAM (Identity and Access Management) user or role used for trail creation has the necessary permissions to create and enable trails in the desired region. Review the IAM policies associated with the user/role to verify the required permissions.

  5. Verify logging configuration: Confirm that the trail is configured to log the desired events or data. Adjust the logging configuration if needed to capture the appropriate information for monitoring and auditing purposes.

Necessary Codes:

This rule does not require any specific code. However, the AWS CLI can be used to create, enable, and manage trails. The following AWS CLI commands may be helpful for working with AWS CloudTrail:

  1. Create a trail:

     aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --region <region-name>

  2. Enable a trail:

     aws cloudtrail start-logging --name <trail-name>

  3. List existing trails:

     aws cloudtrail describe-trails

  4. Update or modify a trail:

     aws cloudtrail update-trail --name <trail-name> --<parameter> <value>
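The check this rule performs, written out as an added example (not code from the Cloud Defense page or from AWS): a trail counts for a region if it is multi-region or its home region is that region, and it only satisfies the rule while its status reports IsLogging. The evaluation runs over the JSON shapes returned by describe-trails and get-trail-status; the sample trails, ARNs and account id 111122223333 below are constructed, and the live variant assumes boto3 and AWS credentials are available.

```python
"""Evaluate whether a region has at least one enabled (logging) CloudTrail trail."""
from typing import Dict, Iterable, List


def enabled_trails_in_region(region: str, trails: Iterable[dict],
                             status_by_arn: Dict[str, dict]) -> List[str]:
    """Return ARNs of trails that cover `region` and are currently logging.

    `trails` is the `trailList` from describe-trails; `status_by_arn` maps a
    trail ARN to its get-trail-status response. A trail covers the region when
    it is multi-region or its HomeRegion equals the region being evaluated.
    """
    enabled = []
    for trail in trails:
        covers = trail.get("IsMultiRegionTrail") or trail.get("HomeRegion") == region
        if not covers:
            continue
        status = status_by_arn.get(trail["TrailARN"], {})
        if status.get("IsLogging"):  # an existing but stopped trail does not count
            enabled.append(trail["TrailARN"])
    return enabled


def region_is_compliant(region: str, trails, status_by_arn) -> bool:
    return bool(enabled_trails_in_region(region, trails, status_by_arn))


def check_live(region: str) -> bool:
    """Run the same evaluation against a real account (needs boto3 + credentials)."""
    import boto3  # imported here so the module still loads without boto3 installed
    ct = boto3.client("cloudtrail", region_name=region)
    trails = ct.describe_trails(includeShadowTrails=True)["trailList"]
    status = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    return region_is_compliant(region, trails, status)


# Constructed sample data in the shape of describe-trails / get-trail-status output.
ARN_REGIONAL = "arn:aws:cloudtrail:us-west-2:111122223333:trail/us-west-2-only"
ARN_MULTI = "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-wide"
SAMPLE_TRAILS = [
    {"Name": "us-west-2-only", "TrailARN": ARN_REGIONAL,
     "HomeRegion": "us-west-2", "IsMultiRegionTrail": False},
    {"Name": "org-wide", "TrailARN": ARN_MULTI,
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True},
]
SAMPLE_STATUS = {
    ARN_REGIONAL: {"IsLogging": True},
    ARN_MULTI: {"IsLogging": False},  # trail exists but logging was stopped
}

if __name__ == "__main__":
    for region in ("us-west-2", "eu-west-1"):
        verdict = "compliant" if region_is_compliant(region, SAMPLE_TRAILS, SAMPLE_STATUS) else "NON-COMPLIANT"
        print(f"{region}: {verdict}")
```

With the sample data, eu-west-1 fails only because the multi-region trail that would cover it has logging stopped, which is the "trail exists but is not enabled" case the remediation steps address with start-logging.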

Step-by-Step Guide for Remediation:

Follow these steps to remediate the issue of not having an enabled trail in the required region:

  1. Log in to the AWS Management Console.

  2. Navigate to the CloudTrail service.

  3. Check if there is an existing trail in the required region:
     a. If a trail exists, proceed to step 5.
     b. If a trail doesn't exist, follow step 4.

  4. Create a new trail in the required region:
     a. Click on the "Create trail" button.
     b. Provide a name for the trail.
     c. Select the desired S3 bucket to store the trail logs.
     d. Configure the trail settings according to your requirements.
     e. Choose the appropriate logging options.
     f. Enable the trail.
     g. Save the settings.

  5. If the trail exists but is not enabled, follow these steps to enable it:
     a. Select the trail from the list.
     b. Click on the "Actions" dropdown menu.
     c. Choose "Start logging".

  6. Verify that the trail is in the enabled state and captures the desired events.

By following these steps, you will ensure compliance with the FedRAMP Moderate Revision 4 policy by having at least one enabled trail in the required region for monitoring and auditing purposes.
