
Rule: At Least One Multi-Region AWS CloudTrail

This rule ensures presence of a multi-region AWS CloudTrail in the account.

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

This rule ensures that an AWS account assessed against the NIST 800-171 Revision 2 guidelines contains at least one multi-region AWS CloudTrail. CloudTrail, a service provided by Amazon Web Services (AWS), logs API activity and resource changes across an AWS account; a multi-region trail records that activity for every region rather than only the region in which the trail was created.

Troubleshooting Steps (if any)

If there is no multi-region AWS CloudTrail present in the account, the following steps can be taken to troubleshoot and rectify the issue:

  1. Verify CloudTrail Configuration: Check if any CloudTrail trails are configured for the account.
  2. Check Region: Ensure that the configured CloudTrail trails are multi-region, as the rule specifically requires a multi-region CloudTrail.
  3. Review CloudTrail Logs: Validate that the CloudTrail logs contain the required activity and resource change information.
  4. Ensure Logging is Enabled: Confirm that logging is enabled for the required AWS services and regions.

Necessary Code(s) (if any)

No code is required for this rule.

Step-by-Step Guide for Remediation

To remediate this issue and adhere to the NIST 800-171 Revision 2 guidelines, follow the step-by-step guide given below:

  1. Log in to the AWS Management Console.
  2. Navigate to the AWS CloudTrail service.
  3. Click on "Trails" in the left-hand menu.
  4. Create a new trail by clicking on the "Create trail" button.
  5. Provide a name for the trail to easily identify it.
  6. Under "Apply trail to all regions in your account," enable the toggle switch to ensure it is a multi-region trail.
  7. Choose the desired logging options, including the Amazon S3 bucket location for logs.
  8. Enable log file validation to ensure data integrity.
  9. Configure any additional settings, such as CloudWatch Logs integration or data events.
  10. Click on "Create" to create the trail.
  11. Confirm that the new trail appears in the list of trails with the correct multi-region configuration.
  12. Periodically review the logs to ensure they capture the required activity and resource change information.

By following these steps, an AWS account can establish and maintain at least one multi-region AWS CloudTrail, meeting the requirements of the NIST 800-171 Revision 2 guidelines.
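The troubleshooting checks above (is any trail multi-region, is it logging, is log file validation on) and the remediation steps (create a multi-region trail with validation enabled, then confirm it is logging) can both be expressed against the CloudTrail API. The following is an added example, not code from the original page or from Cloud Defense: it evaluates the rule over `describe_trails()` / `get_trail_status()` responses and, if no compliant trail exists, creates one with `create_trail()` and `start_logging()`. The `FakeCloudTrailClient` class and the `SAMPLE_TRAILS` data are constructed stand-ins so the example runs offline; in practice pass a real `boto3.client("cloudtrail")` in their place. The trail name and bucket name are placeholders.

```python
"""Assess and remediate the "at least one multi-region CloudTrail" rule.

The assessment works on dicts shaped like the CloudTrail API responses, so it
can be exercised against the constructed FakeCloudTrailClient below or against
a real boto3.client("cloudtrail") (which exposes the same method names).
"""
from dataclasses import dataclass
from typing import List


@dataclass
class TrailFinding:
    name: str
    multi_region: bool          # IsMultiRegionTrail from describe_trails()
    logging: bool               # IsLogging from get_trail_status()
    log_file_validation: bool   # LogFileValidationEnabled from describe_trails()

    @property
    def compliant(self) -> bool:
        # The rule itself requires a multi-region trail; the logging and
        # validation checks mirror the troubleshooting/remediation steps.
        return self.multi_region and self.logging and self.log_file_validation


def assess_trails(client) -> List[TrailFinding]:
    """One finding per trail: configuration from describe_trails(), state from get_trail_status()."""
    findings = []
    for trail in client.describe_trails()["trailList"]:
        status = client.get_trail_status(Name=trail["TrailARN"])
        findings.append(TrailFinding(
            name=trail["Name"],
            multi_region=bool(trail.get("IsMultiRegionTrail", False)),
            logging=bool(status.get("IsLogging", False)),
            log_file_validation=bool(trail.get("LogFileValidationEnabled", False)),
        ))
    return findings


def has_multi_region_trail(client) -> bool:
    """True when at least one trail satisfies the rule."""
    return any(f.compliant for f in assess_trails(client))


def ensure_multi_region_trail(client, name: str, bucket: str) -> str:
    """Return the name of a compliant trail, creating one (and starting logging) if none exists."""
    for finding in assess_trails(client):
        if finding.compliant:
            return finding.name
    client.create_trail(Name=name, S3BucketName=bucket,
                        IsMultiRegionTrail=True, EnableLogFileValidation=True)
    client.start_logging(Name=name)   # a new trail does not log until started
    return name


class FakeCloudTrailClient:
    """Constructed stand-in for the subset of the boto3 CloudTrail client used above."""

    def __init__(self, trails):
        self._trails = {t["Name"]: dict(t) for t in trails}

    def describe_trails(self, **kwargs):
        return {"trailList": [
            {"Name": n,
             "TrailARN": f"arn:aws:cloudtrail:us-east-1:123456789012:trail/{n}",
             "IsMultiRegionTrail": t["IsMultiRegionTrail"],
             "LogFileValidationEnabled": t["LogFileValidationEnabled"]}
            for n, t in self._trails.items()]}

    def get_trail_status(self, Name):
        return {"IsLogging": self._trails[Name.rsplit("/", 1)[-1]]["IsLogging"]}

    def create_trail(self, Name, S3BucketName, IsMultiRegionTrail=False,
                     EnableLogFileValidation=False, **kwargs):
        self._trails[Name] = {"IsMultiRegionTrail": IsMultiRegionTrail,
                              "LogFileValidationEnabled": EnableLogFileValidation,
                              "IsLogging": False}
        return {"Name": Name, "S3BucketName": S3BucketName}

    def start_logging(self, Name):
        self._trails[Name]["IsLogging"] = True
        return {}


# Constructed sample: one single-region trail and one multi-region trail that is
# not logging, so the account fails the rule until remediated.
SAMPLE_TRAILS = [
    {"Name": "mgmt-events-us-east-1", "IsMultiRegionTrail": False,
     "LogFileValidationEnabled": True, "IsLogging": True},
    {"Name": "old-org-trail", "IsMultiRegionTrail": True,
     "LogFileValidationEnabled": False, "IsLogging": False},
]

if __name__ == "__main__":
    client = FakeCloudTrailClient(SAMPLE_TRAILS)
    print("compliant before:", has_multi_region_trail(client))
    chosen = ensure_multi_region_trail(client, "org-trail-PLACEHOLDER", "log-bucket-PLACEHOLDER")
    print("compliant after:", has_multi_region_trail(client), "via", chosen)
```

With a real client, `describe_trails()` called from one region also returns shadow copies of multi-region trails that were created elsewhere, so the same trail may appear more than once; this does not affect the any-compliant-trail decision, but deduplicate by `TrailARN` if you report findings per trail.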
