At Least One Enabled Trail Rule
This rule ensures presence of at least one enabled trail in a region.
| Rule | At least one enabled trail should be present in a region |
| Framework | HIPAA |
| Severity | ✔ Low |
Rule Description:
This rule ensures that at least one enabled trail is present in a specific region to comply with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a regulatory framework that sets standards for the protection and security of sensitive patient health information.
Troubleshooting Steps:
If this rule is not met, follow these steps to troubleshoot and rectify the issue:
- 1.Identify the region where the requirement for an enabled trail is not met.
- 2.Check the existing trails in the region to determine if any are enabled.
- 3.If there are no enabled trails, proceed to create a new trail.
- 4.If there are existing trails, verify their status to ensure they are not disabled or inactive.
- 5.If a trail is disabled or inactive, enable it.
- 6.If no trails are present, or all existing trails are disabled, proceed to create a new trail.
Necessary Code:
To create a new trail, you can use the following code snippet as an example:
aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail
Replace
<trail-name><bucket-name>Make sure you have the necessary permissions to create a trail and access the specified S3 bucket.
Step-by-step Guide for Remediation:
Follow these steps to create or enable an AWS CloudTrail trail in the desired region:
- 1.
Identify the region: Determine the region where an enabled trail should be present as per the HIPAA requirement.
- 2.
Check existing trails: Use the AWS Management Console or AWS CLI to view the existing trails in the identified region. Ensure that at least one trail is enabled.
- 3.
Enable existing trail (if applicable): If an existing trail is present but disabled or inactive, follow these steps to enable it:
- AWS Management Console:
- Navigate to the CloudTrail service in the AWS Management Console.
- Select the disabled trail.
- Click the "Actions" drop-down menu.
- Choose "Enable trail" to activate the trail.
- AWS CLI:
Replaceaws cloudtrail start-logging --name <trail-name>
with the name of the disabled or inactive trail.<trail-name>
- 4.
Create a new trail: If there are no existing trails in the specified region or all trails are disabled, follow these steps to create a new trail:
- AWS Management Console:
- Navigate to the CloudTrail service in the AWS Management Console.
- Click the "Create trail" button.
- Provide a suitable name for the trail in the "Trail name" field.
- Select the appropriate S3 bucket for storing the trail logs.
- Enable the "Apply trail to all regions" option if necessary.
- Click "Create" to finalize the trail creation.
- AWS CLI:
Replaceaws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail
with a suitable name for the trail and<trail-name>
with the name of the S3 bucket where the trail logs should be stored.<bucket-name>
- 5.
Verify the enabled status: Confirm that the trail is successfully enabled by checking its status. Ensure that the trail is active and capturing the required events.
By following these steps, you can ensure that at least one enabled trail is present in the specified region to comply with HIPAA regulations regarding AWS CloudTrail.