AWS-CloudTrail-CloudTrail-Enabled

Severity: High

Description: This control checks that CloudTrail is enabled in all regions (a multi-region trail) and that the trail captures all management events, both read and write. A trail that is limited to a single region, that has logging turned off, or that records only read-only or only write-only management events does not satisfy the control. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. CloudTrail provides a history of AWS API calls for an account, including API calls made via the Management Console, SDKs, command line tools, and higher-level AWS services.

Remediation Steps:

Perform the following to update the CloudTrail configuration:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com

  2. Navigate to the CloudTrail service.

  3. In the left navigation pane, click Trails.

  4. If one or more trails already exist, select the trail to be enabled for global logging; otherwise, create a new trail.

  5. Click the edit icon next to Apply trail to all regions and select Yes.

  6. Click Save.

  7. Click the edit icon next to Management Events.

  8. Under Read/Write events, select All.

  9. Click Save.
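As an added example, not part of this page or of Blue Hexagon's own tooling, the following Python evaluates the control over the response shapes of the CloudTrail API calls `describe-trails`, `get-trail-status` and `get-event-selectors`. The sample responses at the bottom are constructed, not captured from a real account; the field names used (`IsMultiRegionTrail`, `IsLogging`, `EventSelectors`, `IncludeManagementEvents`, `ReadWriteType`, `AdvancedEventSelectors`, `eventCategory`, `readOnly`) are the real API fields. It goes slightly beyond the console steps above by also handling trails configured with advanced event selectors, where the absence of a `readOnly` field selector means both read and write events are recorded.

```python
"""Offline evaluation of "CloudTrail enabled in all regions, all management
events": a trail passes when it is multi-region, actively logging, and records
management events of both read and write type. Input dicts follow the AWS
CLI/boto3 response shapes; the sample data below is constructed."""

from typing import Dict, List


def selectors_cover_all_management_events(selectors: dict) -> bool:
    """True if a get-event-selectors response records read AND write
    management events. A trail uses either basic EventSelectors or
    AdvancedEventSelectors, so both forms are checked."""
    for sel in selectors.get("EventSelectors", []):
        if sel.get("IncludeManagementEvents") and sel.get("ReadWriteType") == "All":
            return True
    for adv in selectors.get("AdvancedEventSelectors", []):
        fields = {f["Field"]: f for f in adv.get("FieldSelectors", [])}
        if "Management" not in fields.get("eventCategory", {}).get("Equals", []):
            continue
        # A readOnly selector narrows the selector to reads ("true") or writes
        # ("false"); when it is absent, both are recorded.
        if "readOnly" not in fields:
            return True
    return False


def trail_is_compliant(trail: dict, status: dict, selectors: dict) -> bool:
    """Per-trail check: multi-region + logging on + all management events."""
    return (
        bool(trail.get("IsMultiRegionTrail"))
        and bool(status.get("IsLogging"))
        and selectors_cover_all_management_events(selectors)
    )


def evaluate_account(
    trails: List[dict], statuses: Dict[str, dict], selectors: Dict[str, dict]
) -> Dict[str, bool]:
    """Map each trail name to its result; statuses/selectors are keyed by name."""
    return {
        t["Name"]: trail_is_compliant(t, statuses.get(t["Name"], {}), selectors.get(t["Name"], {}))
        for t in trails
    }


def account_is_compliant(results: Dict[str, bool]) -> bool:
    """The control is satisfied by the account if at least one trail passes."""
    return any(results.values())


# Constructed sample responses (not from a real account).
SAMPLE_TRAILS = [
    {"Name": "org-trail", "IsMultiRegionTrail": True, "HomeRegion": "us-east-1"},
    {"Name": "legacy-us-west-2", "IsMultiRegionTrail": False, "HomeRegion": "us-west-2"},
    {"Name": "paused-trail", "IsMultiRegionTrail": True, "HomeRegion": "us-east-1"},
    {"Name": "readonly-adv", "IsMultiRegionTrail": True, "HomeRegion": "eu-west-1"},
]
ALL_MGMT = {"EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True, "DataResources": []}]}
SAMPLE_STATUS = {
    "org-trail": {"IsLogging": True},
    "legacy-us-west-2": {"IsLogging": True},
    "paused-trail": {"IsLogging": False},
    "readonly-adv": {"IsLogging": True},
}
SAMPLE_SELECTORS = {
    "org-trail": ALL_MGMT,
    "legacy-us-west-2": ALL_MGMT,
    "paused-trail": ALL_MGMT,
    "readonly-adv": {
        "AdvancedEventSelectors": [
            {
                "Name": "Read-only management events",
                "FieldSelectors": [
                    {"Field": "eventCategory", "Equals": ["Management"]},
                    {"Field": "readOnly", "Equals": ["true"]},
                ],
            }
        ]
    },
}

if __name__ == "__main__":
    results = evaluate_account(SAMPLE_TRAILS, SAMPLE_STATUS, SAMPLE_SELECTORS)
    for name, ok in results.items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
    print("account compliant:", account_is_compliant(results))
```

Against the constructed data only `org-trail` passes; `legacy-us-west-2` fails on region scope, `paused-trail` on logging state, and `readonly-adv` because its advanced selector restricts management events to reads. Feeding real `describe-trails`, `get-trail-status` and `get-event-selectors` output into `evaluate_account` is a straightforward way to confirm the remediation above actually took effect.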

Reference:

  • CIS reference: CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #3.1 (Ensure CloudTrail is enabled in all regions)

Blue Hexagon Proprietary