This rule states that at least one multi-region AWS CloudTrail should be present in an account.
| Rule | At least one multi-region AWS CloudTrail should be present in an account |
|---|---|
| Framework | General Data Protection Regulation (GDPR) |
| Severity | Medium |
Rule Description:
This rule, listed here under the General Data Protection Regulation (GDPR), requires at least one multi-region CloudTrail trail in the AWS account. CloudTrail records account activity as an audit trail of events, including API calls made by or on behalf of the account through the console, CLI, SDKs and other AWS services, and delivers the log files to an S3 bucket where they can be retained and reviewed.
A multi-region trail records events from every AWS region, including regions enabled after the trail was created, together with global service events such as IAM and STS calls, and delivers all of them to the single S3 bucket the trail is configured with. A trail limited to one region misses activity elsewhere in the account, which is exactly where someone using stolen credentials tends to operate: an unused region where nobody is looking. Note that a multi-region trail does not replicate the log files across regions; if the logs themselves must survive the loss of the bucket's region, that is a separate S3 replication and backup decision.
Troubleshooting Steps:
1. Check that at least one trail exists in the account.
2. Verify that the trail is multi-region: its IsMultiRegionTrail attribute must be true. A trail created with default settings is single-region.
3. Check that the trail has an S3 bucket configured and that log files are actually arriving there: the trail status reports the time of the latest delivery and, if delivery failed, the error (typically a bucket policy that does not let the CloudTrail service write to the bucket).
4. Confirm that the trail is actively logging. Logging can be stopped on an existing trail without deleting it, in which case the trail is present but records nothing.
Necessary Code/CLI Commands:

```shell
# Inspect trails (omit --trail-name-list to list all); check IsMultiRegionTrail and S3BucketName in the output
aws cloudtrail describe-trails --trail-name-list <trail-name>
# Convert an existing single-region trail to multi-region in place
aws cloudtrail update-trail --name <trail-name> --is-multi-region-trail
# Create a new multi-region trail delivering to S3, with log file integrity validation enabled
aws cloudtrail create-trail --name <trail-name> --is-multi-region-trail --s3-bucket-name <bucket-name> --enable-log-file-validation
```
Remediation Steps:
1. If no trail is present: put a bucket policy on the target S3 bucket that lets the CloudTrail service write to it (trail creation fails otherwise), then create a multi-region trail with log file validation enabled using the create-trail command above.
2. If the existing trail is not multi-region: convert it in place with the update-trail command above; no second trail is needed.
3. If logs are not being delivered to the S3 bucket: read the trail's latest delivery error, fix the bucket policy (CloudTrail needs s3:GetBucketAcl on the bucket and s3:PutObject under the AWSLogs/<account-id>/ prefix) or point the trail at a bucket that has such a policy, and re-check delivery.
4. If the trail is not actively logging: start logging on it. A trail created through the CLI or API records nothing until logging has been started (the CloudTrail StartLogging API), so this step also follows step 1.
Once these steps are complete, the account has an active multi-region trail delivering to S3, which satisfies this rule and gives you an audit trail covering API activity in every region rather than only the region the trail was created in.
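The troubleshooting checks and the remediation steps above, written as one script. This is an added example for this page, not code from the original text or from AWS; the trail name, bucket name and account number are assumed placeholders, the sample trail data is constructed, and the functions that take the parsed output of describe-trails and get-trail-status run offline while run() needs boto3 and credentials. The evaluator also treats a failed last delivery as non-compliant, which goes slightly beyond the four checks in the text.

```python
"""Check an account for a compliant multi-region CloudTrail and plan the fix.
Added example for this rule page (not original page text or AWS tooling). The
pure functions consume the JSON shapes returned by describe-trails and
get-trail-status so they run offline; only run() talks to AWS via boto3."""
import json

TRAIL_NAME = "org-multiregion-trail"   # assumed name for a trail we create
BUCKET = "example-cloudtrail-logs"     # assumed bucket that receives the logs

# Constructed sample: a single-region trail whose logging has been stopped.
SAMPLE_TRAILS = [{"Name": "regional-trail", "HomeRegion": "eu-west-1",
                  "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/regional-trail",
                  "IsMultiRegionTrail": False, "S3BucketName": BUCKET}]
SAMPLE_STATUSES = {"regional-trail": {"IsLogging": False}}


def evaluate_trails(trails, statuses):
    """trails: describe-trails trailList; statuses: {trail name: get-trail-status}.
    A trail passes if multi-region, bucket set, logging on and last delivery OK;
    the account passes when any one trail passes (what the rule asks for)."""
    findings = []
    for t in trails:
        st, problems = statuses.get(t["Name"], {}), []
        if not t.get("IsMultiRegionTrail", False):
            problems.append("not multi-region")
        if not t.get("S3BucketName"):
            problems.append("no S3 bucket")
        if not st.get("IsLogging", False):       # logging can be stopped, trail kept
            problems.append("logging stopped")
        if st.get("LatestDeliveryError"):        # e.g. bucket policy rejected PutObject
            problems.append("delivery error: " + st["LatestDeliveryError"])
        findings.append({"name": t["Name"], "compliant": not problems, "problems": problems})
    return {"compliant": any(f["compliant"] for f in findings), "trails": findings}


def plan_remediation(result):
    """Ordered (action, trail name) tuples that bring the account into line."""
    if result["compliant"]:
        return []
    if not result["trails"]:  # nothing exists; bucket policy first or CreateTrail fails
        return [("set_bucket_policy", TRAIL_NAME), ("create_trail", TRAIL_NAME),
                ("start_logging", TRAIL_NAME)]
    f = result["trails"][0]   # repair the first existing trail rather than add one
    p, actions = f["problems"], []
    if "not multi-region" in p:
        actions.append(("update_trail_multi_region", f["name"]))
    if "no S3 bucket" in p or any(x.startswith("delivery error") for x in p):
        actions.append(("set_bucket_policy", f["name"]))
    if "no S3 bucket" in p:
        actions.append(("set_s3_bucket", f["name"]))
    if "logging stopped" in p:
        actions.append(("start_logging", f["name"]))
    return actions


def cloudtrail_bucket_policy(bucket, account_id, trail_arn):
    """Bucket policy CloudTrail needs to deliver logs, scoped to a single trail ARN."""
    svc = {"Service": "cloudtrail.amazonaws.com"}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow", "Principal": svc,
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}}},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow", "Principal": svc,
         "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                        "aws:SourceArn": trail_arn}}}]}


def apply_plan(actions, ct, s3, account_id, region):
    """Execute a plan with boto3 clients ct (cloudtrail) and s3; region is the trail's
    home region (for a trail we create, the region the cloudtrail client targets)."""
    for action, name in actions:
        arn = f"arn:aws:cloudtrail:{region}:{account_id}:trail/{name}"
        if action == "set_bucket_policy":
            policy = cloudtrail_bucket_policy(BUCKET, account_id, arn)
            s3.put_bucket_policy(Bucket=BUCKET, Policy=json.dumps(policy))
        elif action == "create_trail":
            ct.create_trail(Name=name, S3BucketName=BUCKET, IsMultiRegionTrail=True,
                            EnableLogFileValidation=True)
        elif action == "update_trail_multi_region":
            ct.update_trail(Name=name, IsMultiRegionTrail=True)
        elif action == "set_s3_bucket":
            ct.update_trail(Name=name, S3BucketName=BUCKET)
        elif action == "start_logging":
            ct.start_logging(Name=name)   # CreateTrail alone does not start logging


def run(apply=False):
    """Evaluate the live account and, with apply=True, execute the plan."""
    import boto3  # imported here so the pure functions work without boto3
    ct, s3, sts = boto3.client("cloudtrail"), boto3.client("s3"), boto3.client("sts")
    trails = ct.describe_trails()["trailList"]
    statuses = {t["Name"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    plan = plan_remediation(evaluate_trails(trails, statuses))
    if apply and plan:
        apply_plan(plan, ct, s3, sts.get_caller_identity()["Account"], ct.meta.region_name)
    return plan
```

Running `plan_remediation(evaluate_trails(SAMPLE_TRAILS, SAMPLE_STATUSES))` on the constructed sample yields two actions, converting the trail to multi-region and starting logging, which is the order the remediation steps prescribe. Shadow copies of a multi-region trail created in another region show up in describe-trails, so get-trail-status is called with the trail ARN, which is required for those copies.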