Rule: At Least One Enabled Trail Presence Requirement

This rule ensures the presence of at least one enabled trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: FedRAMP Moderate Revision 4
Severity: Low

Rule Description

This rule requires at least one enabled trail to be present in a specific region for compliance with FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4.

Troubleshooting Steps

If you encounter any issues with this rule, you can follow the troubleshooting steps below:

  1. Check the region: Verify that you are working in the correct region where the trail should be present. You can use the AWS CLI command

    aws configure

    to check and change the selected region.

  2. Verify enabled trails: Run the AWS CLI command

    aws cloudtrail describe-trails

    to list all the existing trails in the region. Check if there is at least one trail with the status "Enabled" in the list.

  3. Enable a trail: If there are no enabled trails in the region, you need to enable one. Use the AWS CLI command

    aws cloudtrail create-trail

    to create a new trail, and then

    aws cloudtrail start-logging

    to enable it.

  4. Confirm compliance: After enabling the trail, use

    aws cloudtrail describe-trails

    again to verify that the trail is now listed and marked as "Enabled" in the output.

Necessary Code

You can use the following AWS CLI commands to perform the necessary actions:

  1. To list existing trails:

    aws cloudtrail describe-trails

  2. To create a new trail:

    aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail --include-global-service-events

    Replace <trail-name> with a name for the trail and <bucket-name> with the name of the S3 bucket where the trail logs will be stored.

  3. To enable a trail:

    aws cloudtrail start-logging --name <trail-name>

    Replace <trail-name> with the name of the trail you want to enable.

Step-by-Step Guide for Remediation

Follow the steps below to remediate any non-compliance with the rule:

  1. Identify the region specified by the rule.

  2. Run the AWS CLI command

    aws configure

    to ensure that your AWS CLI is configured to work in the correct region.

  3. Check if there are any enabled trails in the region by running the AWS CLI command:

    aws cloudtrail describe-trails

  4. If there are no enabled trails, create a new trail using the AWS CLI command

    aws cloudtrail create-trail

    Make sure to provide a unique name for the trail and specify the S3 bucket where the trail logs will be stored.

  5. Enable the newly created trail by running the AWS CLI command

    aws cloudtrail start-logging

    Specify the name of the trail you want to enable.

  6. Confirm compliance by running the AWS CLI command

    aws cloudtrail describe-trails

    and verifying that the trail is now listed and marked as "Enabled" in the output.

By following these steps, you will ensure compliance with the rule requiring at least one enabled trail in the specified region for FedRAMP Moderate Revision 4.
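A scripted form of the confirmation step, as an added example that is not part of the original page: it lists the trails visible in a region with describe-trails and then reads each trail's IsLogging field from aws cloudtrail get-trail-status, which is where the CLI reports whether a trail is actually recording events. The function names logging_trails and region_has_logging_trail are hypothetical, and the script assumes credentials allowed to call DescribeTrails and GetTrailStatus.

```shell
#!/bin/sh
# Added example, not code from the original page. Function names are hypothetical.
# Usage (after sourcing this file):
#   region_has_logging_trail us-east-1 && echo "compliant"

# Print the ARN of every trail visible in region $1 that is currently logging.
logging_trails() {
    region=$1
    # describe-trails returns trail configuration; --query and --output text
    # reduce it to whitespace-separated ARNs. ARNs are used instead of names
    # because a multi-region trail homed elsewhere must be addressed by ARN.
    arns=$(aws cloudtrail describe-trails --region "$region" \
        --query 'trailList[].TrailARN' --output text) || return 2
    for arn in $arns; do
        # Text output prints "None" for a missing value; skip it.
        [ "$arn" = "None" ] && continue
        # get-trail-status carries the logging state in IsLogging.
        state=$(aws cloudtrail get-trail-status --region "$region" \
            --name "$arn" --query 'IsLogging' --output text) || continue
        case "$state" in
            [Tt]rue) printf '%s\n' "$arn" ;;
        esac
    done
}

# Exit status 0 if at least one trail in region $1 is logging,
# 1 if none is, 2 if the trail list could not be retrieved.
region_has_logging_trail() {
    found=$(logging_trails "$1") || return 2
    [ -n "$found" ]
}
```

A trail that exists but was stopped with stop-logging still appears in describe-trails, so the per-trail status call is what separates a configured trail from an enabled one.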
