Rule: CloudTrail trails should be integrated with CloudWatch logs
This rule emphasizes integrating CloudTrail trails with CloudWatch logs for enhanced security and monitoring.
| Rule | CloudTrail trails should be integrated with CloudWatch logs |
| Framework | General Data Protection Regulation (GDPR) |
| Severity | ✔ Critical |
Rule Description
CloudTrail trails should be integrated with CloudWatch logs for General Data Protection Regulation (GDPR) compliance. CloudTrail records API activity and AWS Management Console actions in your AWS account, providing important audit information for GDPR compliance. CloudWatch logs allow you to store, monitor, and analyze your log data generated by CloudTrail. By integrating CloudTrail with CloudWatch logs, you can centralize and easily manage your log data, ensuring proper data protection and compliance with GDPR requirements.
Troubleshooting Steps
If you encounter any issues while integrating CloudTrail trails with CloudWatch logs, follow these troubleshooting steps:
- 1.
Check CloudTrail configuration: Ensure that you have correctly enabled CloudTrail in your AWS account and specified the desired trail settings, including the desired S3 bucket for log storage.
- 2.
Verify CloudWatch Logs subscription filter: Ensure that you have created a CloudWatch Logs subscription filter for your CloudTrail trail. This filter specifies the destination log group in CloudWatch Logs where the logs will be stored.
- 3.
Confirm IAM permissions: Verify that the IAM role associated with your CloudTrail trail has the necessary permissions to write logs to the specified CloudWatch Logs log group. The role should have the
,logs:CreateLogGroup
, andlogs:CreateLogStream
permissions.logs:PutLogEvents - 4.
Check CloudWatch Logs retention settings: Confirm that the retention period for your CloudWatch Logs log group is properly set to meet your GDPR compliance requirements. Adjust the retention period if necessary.
- 5.
Review CloudTrail and CloudWatch Logs integration: Ensure that both CloudTrail and CloudWatch Logs are integrated properly. Verify that CloudTrail trails are configured to send logs to the correct CloudWatch Logs log group.
- 6.
Inspect CloudWatch Logs event logs: If you are not seeing CloudTrail logs in your CloudWatch Logs log group, check the event logs in the AWS Management Console to identify any potential errors or issues related to CloudTrail and CloudWatch integration.
Necessary Codes
No specific codes are required for this integration. It can be achieved through the AWS Management Console by configuring the CloudTrail and CloudWatch Logs settings.
Step-by-Step Guide for Remediation
To integrate CloudTrail trails with CloudWatch logs for GDPR compliance, follow these steps:
- 1.
Open the CloudWatch Logs console: Sign in to the AWS Management Console and open the CloudWatch Logs service.
- 2.
Create a log group: If you do not have a log group already created, click on "Create log group". Specify a name for the log group, such as "CloudTrailLogs".
- 3.
Create a log stream: Within the log group, click on "Create log stream" to create a new log stream. Specify a name for the log stream, such as "CloudTrailStream".
- 4.
Enable CloudTrail: Open the CloudTrail service in the AWS Management Console.
- 5.
Create or select a trail: If you do not have a trail created already, click on "Create trail". Specify a name for the trail and choose the desired settings, including the storage location in an S3 bucket.
- 6.
Configure CloudWatch Logs integration: In the "CloudWatch Logs" section of the trail configuration, enable the option to "Send CloudTrail events to CloudWatch Logs". Select the desired CloudWatch Logs log group you created earlier.
- 7.
Configure other trail settings: Complete the trail configuration by specifying other desired settings, such as data events, management events, and advanced event selectors. These settings are optional but may be required for GDPR compliance.
- 8.
Create the trail: Click on "Create trail" to create and enable the trail with the specified settings.
- 9.
Verify integration: Monitor the CloudWatch Logs log group to ensure that CloudTrail logs are being properly sent and stored.
By following these steps, you will integrate CloudTrail trails with CloudWatch logs, enabling GDPR compliance and providing a centralized log management solution.