Rule: CloudTrail Trails Integration with CloudWatch Logs
This rule ensures CloudTrail trails are integrated with CloudWatch logs for enhanced monitoring and security.
| Rule | CloudTrail trails should be integrated with CloudWatch logs |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ Critical |
Rule Description:
CloudTrail is a service provided by Amazon Web Services (AWS) that enables auditing and monitoring of your AWS account activities. CloudWatch Logs is another AWS service that allows you to collect, monitor, and store log files from various AWS resources and applications. Integrating CloudTrail with CloudWatch logs provides additional visibility and centralized logging for security and compliance purposes.
The Federal Financial Institutions Examination Council (FFIEC) provides guidelines and standards for financial institutions in the United States. To meet compliance requirements set by the FFIEC, it is recommended to integrate CloudTrail trails with CloudWatch logs. This integration ensures that all CloudTrail logs are securely stored and easily accessible for auditing and monitoring purposes.
Troubleshooting Steps:
- 1.
Check if CloudTrail is enabled:
- Go to the AWS Management Console and navigate to the CloudTrail service.
- Ensure that there is at least one trail created and it is enabled. If not, create a new trail and enable it.
- 2.
Check if CloudWatch Logs is enabled:
- Go to the AWS Management Console and navigate to the CloudWatch service.
- Verify if CloudWatch Logs is enabled. If not, enable it.
- 3.
Configure CloudTrail to send logs to CloudWatch Logs:
- Open the CloudTrail console.
- Click on the existing trail or create a new trail.
- Under "CloudWatch Logs", select the checkbox "Enable CloudWatch Logs".
- Choose an existing CloudWatch Logs log group or create a new one.
- Click on "Save".
- 4.
Verify CloudTrail logs integration:
- Go to the CloudWatch console.
- Select the appropriate log group associated with the CloudTrail trail.
- Verify if the logs from CloudTrail are appearing in the log group.
Necessary Codes:
No specific codes are required for this integration. It can be configured via the AWS Management Console.
Step-by-step Guide for Remediation:
- 1.Open the AWS Management Console and navigate to the CloudTrail service.
- 2.Ensure that there is at least one trail created and it is enabled. If not, click on "Trails" and create a new trail by following the on-screen instructions.
- 3.Open the AWS Management Console and navigate to the CloudWatch service.
- 4.Verify if CloudWatch Logs is enabled. If not, click on "Logs" in the sidebar and enable CloudWatch Logs.
- 5.Return to the CloudTrail console.
- 6.Click on the existing trail you want to integrate with CloudWatch logs or create a new trail.
- 7.Under the "CloudWatch Logs" section, select the checkbox "Enable CloudWatch Logs".
- 8.Choose an existing CloudWatch Logs log group from the drop-down menu or create a new one by clicking the "Create a new log group" button.
- 9.Click on "Save" to save the changes.
- 10.Go to the CloudWatch console.
- 11.Select the appropriate log group associated with the CloudTrail trail you just configured.
- 12.Verify if the logs from CloudTrail are appearing in the log group.
- 13.The integration of CloudTrail trails with CloudWatch logs for FFIEC compliance is now complete.
Note: Ensure that proper access controls and permissions are set for CloudTrail and CloudWatch Logs to maintain security and compliance standards for your organization.