Rule: CloudTrail trails should be integrated with CloudWatch logs

This rule ensures integration of CloudTrail trails with CloudWatch logs for critical compliance.

Rule: CloudTrail trails should be integrated with CloudWatch logs
Framework: General Data Protection Regulation (GDPR)
Severity: Critical

Rule Description

CloudTrail trails should be integrated with CloudWatch logs for General Data Protection Regulation (GDPR) compliance. This integration ensures that all logs generated by CloudTrail are stored securely and easily accessible for audit purposes. By adhering to this rule, organizations can maintain an audit trail of all API actions performed in their AWS account, which is important for meeting GDPR data protection requirements.

Troubleshooting Steps

  1. Start by verifying if you have an existing CloudTrail trail in your AWS account.
  2. Validate if the CloudTrail trail is capturing all necessary API events.
  3. Check if there is an existing CloudWatch Logs group that can be used for CloudTrail integration.
  4. Ensure that proper IAM permissions are assigned to the CloudTrail trail to send logs to CloudWatch Logs.
  5. If logs are not being delivered to CloudWatch Logs, check the CloudTrail event history for any errors or disruptions.
  6. Review the CloudWatch Logs retention settings to ensure compliance with GDPR requirements.

Necessary Codes

No specific code is required for this rule. However, you may need to modify certain properties of your CloudTrail trail and CloudWatch Logs group using the AWS CLI or SDKs.

Step-by-Step Guide for Remediation

  1. Open the AWS Management Console and navigate to the CloudTrail service.
  2. Select the CloudTrail trail that needs to be integrated with CloudWatch logs.
  3. Click on the "Edit" button to modify the trail settings.
  4. In the "CloudWatch Logs" section, choose an existing CloudWatch Logs group or create a new one.
  5. Ensure that the selected CloudWatch Logs group has appropriate permissions for CloudTrail to deliver logs.
  6. Save the trail settings and confirm the integration by checking if logs are being delivered to CloudWatch Logs.
  7. Verify that CloudWatch Logs retain the necessary logs for the required period under GDPR compliance.
  8. Regularly monitor CloudTrail and CloudWatch Logs for any potential issues to ensure continuous compliance.

By following these step-by-step instructions, you can successfully integrate CloudTrail trails with CloudWatch logs for GDPR compliance.
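The checks in the troubleshooting steps and in remediation steps 6 and 7 can be automated. The following is an added example, not code from this page or its vendor: it evaluates dictionaries shaped like the responses of CloudTrail `describe-trails` and `get-trail-status` and CloudWatch Logs `describe-log-groups`. The sample data is constructed, and the 24-hour delivery window and 365-day retention minimum are assumptions to replace with your own policy.

```python
from datetime import datetime, timedelta, timezone

def check_trail(trail, status, log_groups, now,
                max_age=timedelta(hours=24), min_retention_days=365):
    """Return findings for one trail; an empty list means the rule passes.

    trail/status/log_groups mirror the CloudTrail describe-trails,
    get-trail-status and CloudWatch Logs describe-log-groups responses.
    max_age and min_retention_days are assumed thresholds, not AWS defaults.
    """
    group_arn = trail.get("CloudWatchLogsLogGroupArn")
    if not group_arn:
        return ["trail has no CloudWatch Logs group configured"]
    findings = []
    if not trail.get("CloudWatchLogsRoleArn"):
        findings.append("no IAM role set for delivery to CloudWatch Logs")
    if not status.get("IsLogging"):
        findings.append("logging is stopped on the trail")
    if status.get("LatestCloudWatchLogsDeliveryError"):
        findings.append("delivery error: " + status["LatestCloudWatchLogsDeliveryError"])
    last = status.get("LatestCloudWatchLogsDeliveryTime")
    if last is None or now - last > max_age:
        findings.append("no delivery to CloudWatch Logs within max_age")
    # Log group ARNs may carry a trailing ':*'; compare without it.
    def norm(arn):
        return arn[:-2] if arn.endswith(":*") else arn
    group = next((g for g in log_groups if norm(g["arn"]) == norm(group_arn)), None)
    if group is None:
        findings.append("configured log group does not exist")
    else:
        # retentionInDays is absent when the group never expires events.
        days = group.get("retentionInDays")
        if days is not None and days < min_retention_days:
            findings.append(f"retention {days}d is below required {min_retention_days}d")
    return findings

# Constructed sample data (account ID, names and times are made up).
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
ARN = "arn:aws:logs:eu-west-1:111122223333:log-group:cloudtrail-audit:*"
TRAIL = {"Name": "org-trail", "CloudWatchLogsLogGroupArn": ARN,
         "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/ct-to-cwl"}
GOOD_STATUS = {"IsLogging": True,
               "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(minutes=7)}
STALE_STATUS = {"IsLogging": True,
                "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(days=3),
                "LatestCloudWatchLogsDeliveryError": "Access denied"}
GROUPS = [{"logGroupName": "cloudtrail-audit", "arn": ARN, "retentionInDays": 90}]

if __name__ == "__main__":
    for name, st in (("good", GOOD_STATUS), ("stale", STALE_STATUS)):
        print(name, check_trail(TRAIL, st, GROUPS, NOW))
```

A trail that has a log group configured but a stale delivery time or a delivery error still fails the check, which is the case the console's "integrated" setting alone does not reveal.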
