CloudTrail Trails Integrated with CloudWatch Logs Rule

This rule ensures CloudTrail trails are properly integrated with CloudWatch logs for enhanced security monitoring.

Rule: CloudTrail trails should be integrated with CloudWatch logs
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description:

The rule requires CloudTrail trails to be integrated with CloudWatch logs in order to comply with the NIST 800-53 Revision 5 security control requirements. This integration ensures that all the necessary log files from CloudTrail are collected and stored in CloudWatch for auditing and monitoring purposes.

Troubleshooting Steps:

  1. Verify CloudTrail and CloudWatch Logs Permissions:

    • Ensure that the user or role that is used to integrate CloudTrail with CloudWatch Logs has the necessary permissions. The user or role should have the CloudTrail, CloudWatch Logs, and IAM permissions required for this integration.

  2. Check Trail Configuration:

    • Validate the configuration of your CloudTrail trail to ensure it is set up correctly to integrate with CloudWatch Logs. Make sure the correct CloudWatch Logs group and stream are selected when configuring the trail.

  3. Review CloudWatch Log Group:

    • Verify the CloudWatch Logs log group designated for the CloudTrail integration exists and is active. If the log group does not exist, create it using the appropriate configuration.

Necessary Codes:

No specific code is required for this integration. It can be achieved through the AWS Management Console or CLI commands.

Step-by-Step Guide for Remediation:

Please follow the steps below to integrate CloudTrail with CloudWatch logs for NIST 800-53 Revision 5:

  1. Sign in to the AWS Management Console.

  2. Open the CloudTrail service.

  3. In the left navigation pane, click on "Trails".

  4. Select the desired trail that needs to be integrated with CloudWatch Logs.

  5. Click on the "Edit" button or select "Configure" from the Actions dropdown menu.

  6. In the "CloudWatch Logs" section, ensure that the "Enable CloudWatch Logs" option is selected.

  7. Select the appropriate log group and log stream. If the desired log group does not exist, click on the "Create a new log group" link and follow the prompts to create the log group.

  8. Click on "Save" to apply the changes.

  9. Validate the CloudTrail and CloudWatch Logs integration by checking the CloudWatch Logs Group and verifying that the logs are being collected.
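
The validation in the last step can be scripted. The following is an added example, not code from the original page or from CloudDefense: it evaluates the output of `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` and fails any trail that has no log group, no delivery role, or no recent delivery. The sample data is constructed, and the one-day freshness threshold and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the page): the "trailList" entries returned by
# `aws cloudtrail describe-trails` and, keyed by trail name, the fields returned by
# `aws cloudtrail get-trail-status --name <trail>`. Account ID is a placeholder.
SAMPLE_TRAILS = [
    {"Name": "org-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:ct-logs:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/ct-to-cwl"},
    {"Name": "stale-trail",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:old-logs:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/ct-to-cwl"},
    {"Name": "s3-only-trail"},  # never integrated with CloudWatch Logs
]
SAMPLE_STATUS = {
    "org-trail": {"LatestCloudWatchLogsDeliveryTime": "2024-05-01T11:40:00+00:00"},
    "stale-trail": {"LatestCloudWatchLogsDeliveryTime": 1714000000.0},  # epoch form
    "s3-only-trail": {},
}

def to_utc(value):
    """Parse a delivery time given as epoch seconds or as an ISO 8601 string."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def evaluate_trail(trail, status, now, max_age=timedelta(days=1)):
    """Return (verdict, reason); max_age is an assumed freshness threshold."""
    if not trail.get("CloudWatchLogsLogGroupArn"):
        return "FAIL", "no CloudWatch Logs log group configured"
    if not trail.get("CloudWatchLogsRoleArn"):
        return "FAIL", "log group set but no IAM role for delivery"
    last = status.get("LatestCloudWatchLogsDeliveryTime")
    if last is None:
        return "FAIL", "configured, but no delivery to CloudWatch Logs recorded"
    age = now - to_utc(last)
    if age > max_age:
        return "FAIL", f"last delivery {age.days}d ago, limit is {max_age.days}d"
    return "PASS", "delivering to CloudWatch Logs"

def evaluate_all(trails, statuses, now):
    """Evaluate every trail; a trail with no status entry is treated as undelivered."""
    return {t["Name"]: evaluate_trail(t, statuses.get(t["Name"], {}), now) for t in trails}

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed so output is repeatable
    for name, (verdict, reason) in evaluate_all(SAMPLE_TRAILS, SAMPLE_STATUS, now).items():
        print(f"{verdict}  {name}: {reason}")
```

A trail that is configured but stale is worth separating from one that was never configured: the first usually points to the permissions or log group problems listed under Troubleshooting Steps.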

Note:

Remember to review and update your CloudTrail and CloudWatch Logs configurations periodically to ensure continued compliance with NIST 800-53 Revision 5 security control requirements.
