
Rule: At Least One Multi-Region AWS CloudTrail Presence

This rule ensures the presence of at least one multi-region AWS CloudTrail in an account.

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule Description:

According to the FedRAMP Moderate Revision 4 requirements, at least one multi-region AWS CloudTrail must be enabled in an account. CloudTrail records API activity within an AWS account, including account modifications, resource changes, and user actions, so that this activity can be monitored and audited. The multi-region setting applies the trail to all AWS regions, providing redundancy and availability of logging across regions.

Troubleshooting Steps (if any):

If no multi-region AWS CloudTrail is present in the account, follow the troubleshooting steps below:

  1. Verify CloudTrail Service Status: Check that the CloudTrail service is active and available in the AWS Management Console. If not, ensure it is enabled.

  2. Verify Permissions: Ensure that the IAM user or role used to access the account has the permissions needed to configure and manage CloudTrail. This includes permissions to create trails, enable multi-region functionality, and store logs in a centralized S3 bucket.

  3. Check Existing CloudTrail Configuration: Verify whether a CloudTrail is already configured in the account. If one exists, check whether it is multi-region enabled. If not, consider creating a new CloudTrail with multi-region capability.

  4. Create a Multi-Region CloudTrail: If there is no CloudTrail in the account, or the existing one does not have multi-region enabled, follow the remediation steps below to create a new multi-region CloudTrail.

Remediation Steps:

  1. Open the AWS Management Console and sign in to the AWS account using appropriate credentials.

  2. Navigate to the CloudTrail service by searching for it in the services search bar.

  3. Click on the "Trails" tab located on the left-hand side of the CloudTrail dashboard.

  4. Click on the "Create trail" button.

  5. On the "Create trail" page, provide a unique name for the trail that reflects its purpose and functionality.

  6. Choose the option to apply the trail to all regions. This ensures multi-region functionality.

  7. Select the desired S3 bucket to store the CloudTrail logs. If there is no existing bucket, click on the "Create a new S3 bucket" button.

  8. Specify additional configuration options, such as enabling log file validation, CloudWatch Logs integration, or AWS Key Management Service (KMS) encryption, according to your organization's requirements and policies.

  9. Review the configuration settings and ensure that they comply with the necessary security and compliance standards.

  10. Click on the "Create" button to create the multi-region CloudTrail.

  11. Verify that the newly created CloudTrail appears in the list of trails and that its status is "Logging".

You have successfully created a multi-region AWS CloudTrail in the account, complying with the FedRAMP Moderate Revision 4 requirements.

Necessary Codes (if any):

There are no specific codes required to create a multi-region AWS CloudTrail. The remediation steps provided above can be followed directly within the AWS Management Console.
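To verify the outcome of the steps above programmatically, the following added example (not part of the original rule page, and not Cloud Defense's own check) evaluates the rule against records shaped like the boto3 CloudTrail `describe_trails()` and `get_trail_status()` responses; the trail records, ARNs and account number are constructed sample data. It also covers two edge cases the console steps imply: a multi-region trail that exists but is not "Logging" does not satisfy the rule, and a multi-region trail reported in several regions (a shadow trail) is counted once.

```python
# Offline evaluation of the "at least one multi-region trail" rule.
# Input mirrors boto3 CloudTrail describe_trails()['trailList'] and
# get_trail_status() fields; all records here are constructed samples.

def evaluate_multi_region_trails(trails, statuses):
    """Return (compliant, qualifying_arns, reasons).

    A trail qualifies only if IsMultiRegionTrail is true AND its status has
    IsLogging true: a stopped multi-region trail does not satisfy the rule.
    describe_trails reports multi-region trails in every region (shadow
    trails), so duplicate ARNs are collapsed and a trail is counted once.
    """
    seen, qualifying, reasons = set(), [], []
    for trail in trails:
        arn = trail["TrailARN"]
        if arn in seen:
            continue
        seen.add(arn)
        if not trail.get("IsMultiRegionTrail", False):
            reasons.append(f"{trail['Name']}: single-region trail")
        elif not statuses.get(arn, {}).get("IsLogging", False):
            reasons.append(f"{trail['Name']}: multi-region but not logging")
        else:
            qualifying.append(arn)
    return bool(qualifying), qualifying, reasons


def _arn(region, name, account="111122223333"):  # constructed account id
    return f"arn:aws:cloudtrail:{region}:{account}:trail/{name}"


# Constructed sample: a single-region trail, a stopped multi-region trail that
# appears twice (shadow copy), and one healthy multi-region trail.
SAMPLE_TRAILS = [
    {"Name": "ops-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "TrailARN": _arn("us-east-1", "ops-trail")},
    {"Name": "old-trail", "HomeRegion": "us-west-2", "IsMultiRegionTrail": True,
     "TrailARN": _arn("us-west-2", "old-trail")},
    {"Name": "old-trail", "HomeRegion": "us-west-2", "IsMultiRegionTrail": True,
     "TrailARN": _arn("us-west-2", "old-trail")},
    {"Name": "fedramp-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "TrailARN": _arn("us-east-1", "fedramp-trail")},
]
SAMPLE_STATUSES = {
    _arn("us-west-2", "old-trail"): {"IsLogging": False},
    _arn("us-east-1", "fedramp-trail"): {"IsLogging": True},
}

if __name__ == "__main__":
    ok, arns, why = evaluate_multi_region_trails(SAMPLE_TRAILS, SAMPLE_STATUSES)
    print("COMPLIANT" if ok else "NON-COMPLIANT", arns, why)
```

Against a live account, replace the sample lists with the output of `describe_trails()` and one `get_trail_status(Name=arn)` call per distinct ARN.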
