Rule: At Least One Multi-Region AWS CloudTrail Presence

This rule mandates the presence of at least one multi-region AWS CloudTrail in an account for compliance.

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: RBI Cyber Security Framework
Severity: Medium

AWS CloudTrail Multi-Region Deployment for RBI Cyber Security Framework

Rule Description

As per the RBI (Reserve Bank of India) Cyber Security Framework, it is required to have at least one multi-region AWS CloudTrail service enabled in an AWS account. AWS CloudTrail provides crucial visibility into actions performed within an AWS environment, delivering audit logs that can be used for security and compliance purposes. The multi-region configuration ensures that the CloudTrail trail captures events from all the regions within an AWS account.

Troubleshooting Steps (if applicable)

If you encounter issues while configuring or validating the multi-region deployment of AWS CloudTrail, consider the following troubleshooting steps:

  1. Validation Errors: If you encounter any validation errors during the configuration process, review the error message provided by AWS CloudTrail and ensure that the necessary permissions are granted to the CloudTrail service to create and manage resources. Additionally, verify that you're using the correct AWS region and that you have appropriate access to that region.
  2. Insufficient IAM Permissions: Ensure that the IAM (Identity and Access Management) roles used for configuration have the necessary permissions to create and configure resources like Amazon S3 buckets and AWS CloudTrail trails.
  3. Region Availability: Check if the AWS region you are trying to configure CloudTrail in supports multi-region setup. Some regions may have limitations or different default behaviors for multi-region configuration.

Necessary Codes (if applicable)

If you need reference code while configuring AWS CloudTrail or related resources, you can use the following snippet as a starting point:

Creating a CloudTrail Trail with Multi-Region Configuration using AWS CLI

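# --is-multi-region-trail makes the trail record events from all regions.
# --is-organization-trail only succeeds from an AWS Organizations management
# (or delegated administrator) account; omit it for a standalone account.
# A trail created from the CLI does not log until start-logging is run on it.
aws cloudtrail create-trail \
  --name MyMultiRegionTrail \
  --s3-bucket-name <YOUR_BUCKET_NAME> \
  --is-multi-region-trail \
  --is-organization-trail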

Note: Replace <YOUR_BUCKET_NAME> with the name of the Amazon S3 bucket where you want to store the CloudTrail logs.

Step-by-Step Guide for Remediation

To enable multi-region AWS CloudTrail for compliance with the RBI Cyber Security Framework, follow the steps below:

  1. Sign in to the AWS Management Console using appropriate credentials.
  2. Open the CloudTrail service by selecting it from the list of available services.
  3. Click on "Trails" in the left navigation pane.
  4. Click on "Create trail" to start configuring a new trail.
  5. Provide a name for the trail that indicates it is for multi-region purposes, such as "MultiRegionTrail" or any suitable name.
  6. Choose an existing S3 bucket or create a new one to store CloudTrail logs. Make sure the bucket is in the same AWS account and region where you are creating the trail.
  7. Select "Yes" for "Apply trail to all regions" to ensure multi-region log collection.
  8. If required, you can enable "Enable log file validation" to validate the integrity of log files stored in the S3 bucket.
  9. Enable "Save CloudTrail event history" so that your trail captures all events, including events performed before trail creation.
  10. Optionally, you can configure advanced settings such as data events (if applicable), tags, or encryption.
  11. Review the configuration details and click "Create" to create the multi-region CloudTrail trail.
  12. Once the trail is created, you can verify its configuration and status under the "Trails" section.
  13. Ensure that all AWS regions within the account where the trail needs to be implemented are selected and the trail status shows "Logging".
  14. If there are multiple AWS accounts within an organization, ensure each account has at least one multi-region trail enabled to comply with the RBI Cyber Security Framework requirements.

By following the above steps, you will have successfully configured at least one multi-region AWS CloudTrail in your AWS account as required by the RBI Cyber Security Framework.
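The verification in steps 12 and 13 can also be scripted. The following is an added example, not part of the original page or of any vendor tooling: it evaluates the rule against the JSON that `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` return. The sample data, account ID, trail names and the evaluate() helper are constructed for illustration.

```python
# Constructed sample: trailList entries from `aws cloudtrail describe-trails`
# collected in two regions and concatenated. A multi-region trail is returned
# in every region (as a shadow trail), so it appears twice with the same ARN.
MR_ARN = "arn:aws:cloudtrail:ap-south-1:111122223333:trail/MyMultiRegionTrail"
DEV_ARN = "arn:aws:cloudtrail:us-east-1:111122223333:trail/dev-only"
MR_TRAIL = {"Name": "MyMultiRegionTrail", "TrailARN": MR_ARN,
            "IsMultiRegionTrail": True, "LogFileValidationEnabled": False}
DEV_TRAIL = {"Name": "dev-only", "TrailARN": DEV_ARN,
             "IsMultiRegionTrail": False, "LogFileValidationEnabled": True}
TRAILS = [MR_TRAIL, dict(MR_TRAIL), DEV_TRAIL]

# Constructed sample: `aws cloudtrail get-trail-status` results keyed by ARN.
STATUS = {MR_ARN: {"IsLogging": False}, DEV_ARN: {"IsLogging": True}}


def evaluate(trails, status_by_arn):
    """Return (compliant, findings) for the 'at least one multi-region
    trail' rule. A trail counts only if it is multi-region AND logging."""
    unique = {}
    for trail in trails:
        unique.setdefault(trail["TrailARN"], trail)  # drop shadow copies

    compliant, findings = False, []
    for arn, trail in unique.items():
        name = trail["Name"]
        if not trail.get("IsMultiRegionTrail", False):
            findings.append(f"{name}: single-region trail, does not satisfy the rule")
        elif not status_by_arn.get(arn, {}).get("IsLogging", False):
            findings.append(f"{name}: multi-region but IsLogging is false")
        else:
            compliant = True
            if not trail.get("LogFileValidationEnabled", False):
                findings.append(f"{name}: satisfies the rule, log file validation is off")
    return compliant, findings


if __name__ == "__main__":
    ok, notes = evaluate(TRAILS, STATUS)
    print("COMPLIANT" if ok else "NON-COMPLIANT")
    for note in notes:
        print(" -", note)
```

With the constructed data the account fails the rule: the only multi-region trail exists but is not logging, and the logging single-region trail does not count.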
