Ensure data events logging is enabled for AWS CloudTrail trails

MEDIUM

Description

Data event logging is disabled for the AWS CloudTrail trail, so activity on the resources a data event selector would cover is not recorded. This can make auditing more difficult.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the CloudTrail Console.
  2. Go to Trails then select the name of the Trail you wish to edit.
  3. Under Management events click Edit, then check the API Activity you wish to log.
  4. Select Save changes.

In Terraform -

  1. In the resource aws_cloudtrail, set the event_selector.read_write_type to All.
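As an added example (not from the original page or the provider docs), the remediation written out in Terraform: the first trail records management events only, the second sets read_write_type to All and adds the data_resource blocks that select which data event sources are logged. The trail and bucket names are placeholders, and the log bucket with its bucket policy is assumed to exist already.

```hcl
# Added example; trail and bucket names are placeholders.
# The S3 log bucket and its CloudTrail bucket policy are assumed to exist.

# Non-compliant: management events only, no data events are recorded.
resource "aws_cloudtrail" "management_only" {
  name           = "example-trail-before"
  s3_bucket_name = "example-cloudtrail-logs-bucket"

  event_selector {
    read_write_type           = "All"
    include_management_events = true
    # No data_resource block: S3 object and Lambda invocation
    # activity is never written to the trail.
  }
}

# Compliant: read_write_type = "All" plus data_resource blocks that
# enable data event logging for S3 objects and Lambda functions.
resource "aws_cloudtrail" "with_data_events" {
  name           = "example-trail-after"
  s3_bucket_name = "example-cloudtrail-logs-bucket"

  event_selector {
    read_write_type           = "All"
    include_management_events = true

    # All objects in all S3 buckets of the account (current and future).
    data_resource {
      type   = "AWS::S3::Object"
      values = ["arn:aws:s3"]
    }

    # All Lambda functions in the account.
    data_resource {
      type   = "AWS::Lambda::Function"
      values = ["arn:aws:lambda"]
    }
  }
}
```

Data events are billed separately from management events, so scope the values list to specific bucket or function ARNs where account-wide logging is not required.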

References:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail

Policy Details

Rule Reference ID: AC_AWS_0039
CSP: AWS
Remediation Available: Yes
Resource: aws_cloudtrail
Resource Category: Logging and Monitoring
Resource Type: CloudTrail

Frameworks