Rule: CloudTrail trails should be integrated with CloudWatch Logs

Ensure compliance by integrating CloudTrail trails with CloudWatch Logs.

Rule: CloudTrail trails should be integrated with CloudWatch Logs
Framework: GxP 21 CFR Part 11
Severity: Critical

Rule Description:

CloudTrail trails should be integrated with CloudWatch Logs for GxP 21 CFR Part 11 compliance. This rule checks that every trail forwards the AWS API activity events it records to a CloudWatch Logs log group. 21 CFR Part 11 calls for secure, computer-generated, time-stamped audit trails; delivering CloudTrail events to CloudWatch Logs keeps a second, centrally retained copy of that audit trail and makes it available for near-real-time monitoring and alerting through metric filters and alarms. The integration supports the Part 11 requirements but does not satisfy them on its own: retention, access control and review procedures for the logs still have to be in place.

Rule Details:

Integration between CloudTrail and CloudWatch Logs for GxP 21 CFR Part 11 compliance involves the following steps:

  1. Enable the CloudTrail trail:

    • Open the AWS Management Console and navigate to the CloudTrail service.
    • Click on "Trails" in the left navigation pane.
    • Choose an existing trail or create a new one.
    • Ensure that the trail is a multi-region trail (or otherwise covers every region and resource you need to audit).
    • Ensure that logging is enabled for the trail.

  2. Create a CloudWatch Logs log group:

    • Open the AWS Management Console and navigate to the CloudWatch service.
    • Click on "Log groups" in the left navigation pane.
    • Create a new log group with an appropriate name.
    • Set a retention period at least as long as the audit-trail retention your GxP 21 CFR Part 11 procedures require; retention is set per log group and determines how long delivered events are kept.

  3. Configure CloudTrail log delivery to CloudWatch Logs:

    • Go back to the CloudTrail service in the AWS Management Console.
    • Click on "Trails" in the left navigation pane and click on the desired trail to open its configuration page.
    • In the "CloudWatch Logs" section, choose Edit and enable CloudWatch Logs.
    • Select the log group created in Step 2.
    • Select or create the IAM role that CloudTrail assumes to write to the log group. Its trust policy must allow the cloudtrail.amazonaws.com service principal to assume it, and its permissions policy needs only logs:CreateLogStream and logs:PutLogEvents on that log group's log streams.
    • Save the changes.

  4. Verify CloudTrail and CloudWatch Logs integration:

    • Wait a few minutes for new API activity to be recorded and delivered to the log group.
    • Open the CloudWatch service in the AWS Management Console and click on "Log groups" in the left navigation pane.
    • Locate the log group created in Step 2 and click on its name.
    • Verify that log streams named <account-id>_CloudTrail_<region> have appeared and contain CloudTrail events.
    • Back on the trail's page in the CloudTrail console, confirm that the CloudWatch Logs section shows the log group and role and reports no delivery error. The trail status exposes the same information as the latest CloudWatch Logs delivery time and delivery error.

Troubleshooting Steps:

If there are any issues with integrating CloudTrail with CloudWatch Logs, consider the following troubleshooting steps:

  1. Ensure proper access permissions: Make sure the IAM role that CloudTrail assumes has logs:CreateLogStream and logs:PutLogEvents permission on the log streams of the log group the trail delivers to.

  2. Verify log group settings: Double-check the log group configuration, including its retention period and that the log group ARN referenced by the trail is the one you created.

  3. Check trail configuration: Review the CloudTrail trail settings and confirm that the correct log group and delivery role are selected and that the trail is logging.

  4. Verify the role's trust policy: CloudWatch Logs does not assume a role for this integration; CloudTrail does. The delivery role's trust policy must allow the cloudtrail.amazonaws.com service principal to assume it, otherwise CloudTrail cannot use the role even when its permissions policy is correct.

  5. Examine the trail status: Delivery problems are not shown in the event history. The trail status (visible in the trail's CloudWatch Logs section in the console and returned by get-trail-status) reports the latest CloudWatch Logs delivery time and any delivery error. An access-denied error there points at the role; a stale delivery time with no error points at the trail not logging or no qualifying activity.

  6. Check event size rather than capacity: CloudWatch Logs log groups have no capacity limit, so a "full" log group is not a cause of missing events, and changing the retention period does not free space. CloudTrail does skip individual events larger than 256 KB when sending to CloudWatch Logs; such events remain only in the trail's S3 delivery.

  7. Monitor CloudTrail and CloudWatch service health: Stay updated with any service notifications or disruptions that might affect log delivery.

Necessary Codes:

No code is strictly required: the configuration can be done directly through the AWS Management Console. The same settings can also be applied with the AWS CLI (the log group, the delivery role and an update-trail call with --cloud-watch-logs-log-group-arn and --cloud-watch-logs-role-arn) or with infrastructure-as-code, which is preferable when the configuration has to be reproducible and reviewable for an audit.
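The check and the remediation artifacts described on this page, as an added example that is not Cloud Defense's own scanner code. It evaluates the JSON shapes returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` (the field names are the real API ones) against constructed sample data so it runs offline, and it produces the IAM trust and permissions policies plus the update-trail command needed to remediate a failing trail. The account ID, trail names, log group name and role name are assumptions; to run it against an account, replace the samples with boto3 `describe_trails()` and `get_trail_status()` results.

```python
"""Check and remediation helpers for "CloudTrail trails should be
integrated with CloudWatch Logs". Added example; sample data is constructed."""
import json
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed "now" for the sample

# Constructed sample of `describe-trails` output: one compliant trail, one with
# no CloudWatch Logs integration, one whose delivery is failing. IDs are assumed.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "IsMultiRegionTrail": True,
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/org-trail:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/CloudTrail_CloudWatchLogs_Role"},
    {"Name": "s3-only-trail", "IsMultiRegionTrail": False,
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/s3-only-trail"},
    {"Name": "broken-trail", "IsMultiRegionTrail": True,
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/broken-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:eu-west-1:123456789012:log-group:CloudTrail/broken-trail:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/CloudTrail_CloudWatchLogs_Role"},
]

# Constructed sample of `get-trail-status` output, keyed by trail name.
SAMPLE_STATUS = {
    "org-trail": {"IsLogging": True,
                  "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(minutes=3)},
    "s3-only-trail": {"IsLogging": True},
    "broken-trail": {"IsLogging": True,
                     "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(days=2),
                     "LatestCloudWatchLogsDeliveryError":
                         "AccessDenied: not authorized to perform logs:PutLogEvents"},
}


def _as_datetime(value):
    """Accept boto3 datetimes or the ISO-8601 strings the CLI prints."""
    if isinstance(value, str):
        value = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)
    return value


def evaluate_trail(trail, status, now=NOW, max_delivery_age=timedelta(hours=1)):
    """Return (compliant, reasons). A trail passes only if a log group and a
    delivery role are configured, it is logging, no delivery error is reported,
    and it delivered to CloudWatch Logs within max_delivery_age (tune this for
    quiet accounts that generate little API activity)."""
    reasons = []
    if not trail.get("CloudWatchLogsLogGroupArn"):
        reasons.append("no CloudWatch Logs log group configured")
    if not trail.get("CloudWatchLogsRoleArn"):
        reasons.append("no IAM role configured for CloudWatch Logs delivery")
    if not status.get("IsLogging"):
        reasons.append("trail is not logging")
    if status.get("LatestCloudWatchLogsDeliveryError"):
        reasons.append("delivery error: " + status["LatestCloudWatchLogsDeliveryError"])
    last = status.get("LatestCloudWatchLogsDeliveryTime")
    if last is not None:
        age = now - _as_datetime(last)
        if age > max_delivery_age:
            reasons.append(f"last delivery to CloudWatch Logs was {age} ago")
    elif trail.get("CloudWatchLogsLogGroupArn"):
        reasons.append("no delivery to CloudWatch Logs recorded yet")
    return (not reasons, reasons)


def evaluate_all(trails, statuses, now=NOW):
    """Map each trail name to its (compliant, reasons) result."""
    return {t["Name"]: evaluate_trail(t, statuses.get(t["Name"], {}), now) for t in trails}


# Remediation artifacts. The trust policy lets only the CloudTrail service
# assume the role; the permissions policy is the minimum CloudTrail needs,
# scoped to the log streams of a single log group.
TRUST_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"Service": "cloudtrail.amazonaws.com"},
                               "Action": "sts:AssumeRole"}]}


def delivery_policy(log_group_arn):
    """Permissions policy for the delivery role; log_group_arn is the ARN as
    shown by describe-trails (with or without the trailing ':*')."""
    base = log_group_arn[:-2] if log_group_arn.endswith(":*") else log_group_arn
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                           "Resource": f"{base}:log-stream:*"}]}


def remediation_commands(trail_name, log_group_arn, role_arn):
    """AWS CLI commands that wire an existing trail to an existing log group and
    role (create the role separately from TRUST_POLICY and delivery_policy)."""
    return [f"aws cloudtrail update-trail --name {trail_name} "
            f"--cloud-watch-logs-log-group-arn {log_group_arn} "
            f"--cloud-watch-logs-role-arn {role_arn}",
            f"aws cloudtrail get-trail-status --name {trail_name}"]


if __name__ == "__main__":
    for name, (ok, why) in evaluate_all(SAMPLE_TRAILS, SAMPLE_STATUS).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'} {'; '.join(why)}")
    print(json.dumps(delivery_policy(SAMPLE_TRAILS[0]["CloudWatchLogsLogGroupArn"]), indent=2))
```

The delivery-age check is what distinguishes "configured" from "working": a trail can reference a log group and role and still deliver nothing if the role's trust or permissions policy is wrong, and only the trail status reveals that. The access-denied text in the sample is constructed; the real error string returned by CloudTrail will differ in wording.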

Remediation Steps:

If any issues or non-compliance are detected, follow these steps to remediate the situation:

  1. Identify the cause: Review the troubleshooting steps outlined above to identify the specific issue affecting the CloudTrail and CloudWatch Logs integration.

  2. Address access permissions: If the delivery role is missing or misconfigured, fix its trust policy (the cloudtrail.amazonaws.com service principal must be allowed to assume it) and its permissions policy (logs:CreateLogStream and logs:PutLogEvents on the target log group's log streams). Grant nothing broader than that.

  3. Adjust log group settings: If the log group configuration needs adjustment, modify its retention period or other settings as required.

  4. Verify and reconfigure the trail: Double-check the trail configuration to confirm that the correct log group and delivery role are selected and that logging is enabled. Update the trail's settings if necessary.

  5. Monitor for compliance: Regularly check the trail status and the CloudWatch Logs log group to ensure that CloudTrail events are being delivered without errors and are retained for as long as the GxP 21 CFR Part 11 audit-trail requirement demands. Alert on changes to the trail itself (StopLogging, UpdateTrail, DeleteTrail), since anyone who disables or reconfigures the trail also stops the CloudWatch Logs copy.

By following these steps, organizations can integrate CloudTrail with CloudWatch Logs for GxP 21 CFR Part 11 compliance and maintain adherence to regulatory standards.
