Ensure compliance by integrating CloudTrail trails with CloudWatch logs.
| Rule | CloudTrail trails should be integrated with CloudWatch logs |
|---|---|
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Critical |
Rule Description:
CloudTrail trails should be integrated with CloudWatch logs for GxP 21 CFR Part 11 compliance. This rule ensures that all CloudTrail logs, which record AWS API activity events, are forwarded and stored securely in CloudWatch logs. By integrating these services, organizations can meet the regulatory requirements outlined in GxP 21 CFR Part 11.
Rule Details:
Integration between CloudTrail and CloudWatch logs for GxP 21 CFR Part 11 compliance involves the following steps:
Enable CloudTrail service:
Create a CloudWatch log group:
Configure CloudTrail log delivery to CloudWatch logs:
Verify CloudTrail and CloudWatch log integration:
Troubleshooting Steps:
If there are any issues with integrating CloudTrail with CloudWatch logs, consider the following troubleshooting steps:
Ensure proper access permissions: Make sure the IAM role used by CloudTrail has the necessary permissions to deliver logs to CloudWatch logs.
Verify log group settings: Double-check the log group configuration, including the retention period, log stream names, and any applicable filters.
Check trail configuration: Review the CloudTrail trail settings and confirm that the correct log group is selected for log delivery.
Verify CloudWatch log access: Ensure that the IAM role used by CloudWatch logs has access permissions to write logs to the specified log group.
Examine CloudTrail events: Check if there are any errors or warnings in the CloudTrail event history that indicate issues with log delivery.
Check CloudWatch log group capacity: If the log group has reached its capacity limit, consider increasing the retention period or deleting older logs to make room for new logs.
Monitor CloudTrail and CloudWatch service health: Stay updated with any service notifications or disruptions that might affect log integration.
Necessary Codes:
No specific codes are required for integrating CloudTrail with CloudWatch logs. The configuration can be done directly through the AWS Management Console.
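Although the console is sufficient, the check behind this rule can also be scripted. The following is an added example, not code from the rule page; it reads the trail list in the shape returned by CloudTrail's describe_trails and get_trail_status APIs and reports trails with no log group or delivery role, or with a recent delivery error (the constructed sample trails and ARNs are illustrative only):

```python
from __future__ import annotations

LOG_GROUP_KEY = "CloudWatchLogsLogGroupArn"
ROLE_KEY = "CloudWatchLogsRoleArn"

def trail_findings(trails, statuses=None):
    """Map each non-compliant trail name to its list of reasons.
    trails:   the "trailList" from cloudtrail.describe_trails()
    statuses: trail name -> cloudtrail.get_trail_status() output (optional)
    """
    findings = {}
    for trail in trails:
        name = trail["Name"]
        reasons = []
        if not trail.get(LOG_GROUP_KEY):
            reasons.append("no CloudWatch Logs log group configured")
        if not trail.get(ROLE_KEY):
            reasons.append("no IAM role for CloudWatch Logs delivery")
        status = (statuses or {}).get(name, {})
        if status and not status.get("IsLogging", False):
            reasons.append("trail is not logging")
        if status.get("LatestCloudWatchLogsDeliveryError"):
            reasons.append("delivery error: " + status["LatestCloudWatchLogsDeliveryError"])
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample data (hypothetical account, trails and ARNs).
SAMPLE_TRAILS = [
    {"Name": "gxp-audit-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/gxp:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role"},
    {"Name": "legacy-trail"},  # S3 delivery only; no CloudWatch Logs integration
    {"Name": "broken-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/old:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role"},
]
SAMPLE_STATUS = {"broken-trail": {"IsLogging": True, "LatestCloudWatchLogsDeliveryError": "AccessDenied"}}

def live_findings(region_name=None):
    """Run the same check against a real account; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline sample runs without it
    ct = boto3.client("cloudtrail", region_name=region_name)
    trails = ct.describe_trails(includeShadowTrails=False)["trailList"]
    statuses = {t["Name"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    return trail_findings(trails, statuses)

if __name__ == "__main__":
    for name, reasons in trail_findings(SAMPLE_TRAILS, SAMPLE_STATUS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it flags legacy-trail (missing log group and role) and broken-trail (delivery error), which correspond to the trail-configuration and access-permission items in the troubleshooting list above.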
Remediation Steps:
If any issues or non-compliance are detected, follow these steps to remediate the situation:
Identify the cause: Review the troubleshooting steps outlined above to identify the specific issue affecting the CloudTrail and CloudWatch log integration.
Address access permissions: If access permissions are incorrect, modify the IAM roles associated with CloudTrail and CloudWatch to ensure they have the necessary permissions for log delivery.
Adjust log group settings: If the log group configuration needs adjustment, modify the log group's retention period, filters, or other settings as required.
Verify and reconfigure trail: Double-check the CloudTrail trail configuration to confirm that the correct log group is selected for log delivery. Update the trail's settings if necessary.
Monitor for compliance: Regularly check the CloudWatch logs to ensure that CloudTrail events are being delivered properly and that the logs meet the GxP 21 CFR Part 11 compliance requirements.
By following these steps, organizations can successfully integrate CloudTrail with CloudWatch logs for GxP 21 CFR Part 11 compliance and maintain adherence to regulatory standards.