Rule: At Least One Multi-Region AWS CloudTrail

This rule states that at least one multi-region AWS CloudTrail should be present in an account.

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: General Data Protection Regulation (GDPR)
Severity: Medium

Rule Description:

To comply with the General Data Protection Regulation (GDPR), it is essential to have at least one multi-region AWS CloudTrail configured in your AWS account. CloudTrail is a service that enables you to monitor, log, and retain account activity within your AWS infrastructure. It provides you with an audit trail of events, including API calls made by or on behalf of your account.

Having a multi-region CloudTrail ensures that your audit logs are stored in multiple AWS regions, which adds an extra layer of data protection. In case of a region-specific failure or outage, having logs replicated across multiple regions ensures the continuity and availability of your audit trail.

Troubleshooting Steps:

  1. Check if CloudTrail is enabled:

    • Open the AWS Management Console.
    • Navigate to the CloudTrail service.
    • Verify that at least one CloudTrail trail has been created.

  2. Verify that CloudTrail is configured for multi-region:

    • Select the CloudTrail trail in the console.
    • In the trail configuration, ensure that the "Enable log file validation" option is selected.
    • Confirm that the trail has logging enabled in multiple regions.

  3. Check that CloudTrail logs are being delivered to an S3 bucket:

    • Confirm that the selected CloudTrail trail has a properly configured S3 bucket destination.
    • Ensure that the S3 bucket has appropriate permissions and is accessible.

  4. Confirm that CloudTrail is active:

    • Check the status of the CloudTrail trail and ensure it is active.
    • Validate that there are no recent errors reported for the trail.

Necessary Code/CLI Commands:

  1. Enable multi-region logging for an existing CloudTrail trail:

    aws cloudtrail update-trail --name <trail-name> --is-multi-region-trail

  2. Create a CloudTrail trail with multi-region logging and log file validation:

    aws cloudtrail create-trail --name <trail-name> --is-multi-region-trail --s3-bucket-name <bucket-name> --enable-log-file-validation

  3. Verify CloudTrail status:

    aws cloudtrail describe-trails --trail-name-list <trail-name>
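As an added example (not part of this rule page or the Cloud Defense product), the Python function below applies the checks from the troubleshooting steps above to data shaped like the output of `aws cloudtrail describe-trails` (the trailList entries) and `aws cloudtrail get-trail-status`. The trail names, bucket name and regions are constructed sample values, and fetching the live output (for example with boto3) is left to the caller.

```python
import json

# Constructed sample shaped like `aws cloudtrail describe-trails` output (the
# trailList entries) and a per-trail map shaped like `get-trail-status` output.
# Names, bucket and regions are illustrative, not captured from a real account.
SAMPLE_TRAILS = json.loads("""[
  {"Name": "regional-only", "S3BucketName": "example-logs-bucket",
   "IsMultiRegionTrail": false, "LogFileValidationEnabled": false,
   "HomeRegion": "us-east-1"},
  {"Name": "org-audit-trail", "S3BucketName": "example-logs-bucket",
   "IsMultiRegionTrail": true, "LogFileValidationEnabled": true,
   "HomeRegion": "eu-west-1"}
]""")
SAMPLE_STATUS = {
    "regional-only": {"IsLogging": True},
    "org-audit-trail": {"IsLogging": True, "LatestDeliveryError": ""},
}

def evaluate_multi_region_rule(trails, statuses):
    """Return (compliant, findings) for the rule on this page.

    Compliant when at least one trail is multi-region, actively logging, has an
    S3 destination and reports no delivery error. Missing log file validation
    is reported as a finding but does not by itself fail the rule.
    """
    findings = []
    compliant = False
    for trail in trails:
        name = trail["Name"]
        status = statuses.get(name, {})
        if not trail.get("IsMultiRegionTrail"):
            findings.append(f"{name}: not a multi-region trail")
            continue
        problems = []
        if not trail.get("S3BucketName"):
            problems.append("no S3 bucket destination")
        if not status.get("IsLogging"):
            problems.append("logging is stopped")
        if status.get("LatestDeliveryError"):
            problems.append(f"delivery error: {status['LatestDeliveryError']}")
        if not trail.get("LogFileValidationEnabled"):
            findings.append(f"{name}: log file validation disabled")
        if problems:
            findings.append(f"{name}: " + "; ".join(problems))
        else:
            compliant = True
    if not compliant:
        findings.append("no active multi-region trail found")
    return compliant, findings
```

Running the sample data through the function returns compliant with a single finding about the regional-only trail; stopping the multi-region trail flips the result to non-compliant.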

Remediation Steps:

  1. If no CloudTrail trail is present:

    • Create a new CloudTrail trail using the AWS Management Console or the AWS CLI.
    • Use the command provided above to enable multi-region logging and log file validation.

  2. If the existing CloudTrail trail is not multi-region enabled:

    • Update the CloudTrail trail configuration using the command provided above to enable multi-region logging.

  3. If CloudTrail logs are not being delivered to an S3 bucket:

    • Update the CloudTrail trail configuration with a valid S3 bucket destination.

  4. If CloudTrail is not active:

    • Ensure that any reported errors are resolved.
    • Use the command provided above to verify the CloudTrail status and address any issues reported.

Once the necessary steps are completed, you will have a multi-region CloudTrail enabled in your AWS account, ensuring compliance with GDPR regulations and providing enhanced data protection and audit trail coverage.