AWS-CloudTrail-CloudTrail-To-CloudWatch

Severity: High

Description: This control ensures that CloudTrail is integrated with CloudWatch Logs. CloudTrail uses Amazon S3 for log file storage and delivery, so log files are stored durably. In addition to capturing CloudTrail logs in a specified S3 bucket for long-term analysis, real-time analysis can be performed by configuring CloudTrail to send logs to CloudWatch Logs. It is recommended that CloudTrail logs be sent to CloudWatch Logs.

Remediation Steps:

Perform the following to update the CloudTrail integration with CloudWatch Logs:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the CloudTrail service.

  3. In the left navigation pane, click Trails.

  4. Click each trail for which no CloudWatch Logs log group is defined.

  5. Go to the CloudWatch Logs section and click Configure.

  6. Define a new log group or select an existing one.

  7. Click Continue.

  8. Click View Details to configure the IAM role that will deliver CloudTrail events to CloudWatch Logs:

    1. Create or select an IAM role and policy name.

    2. Click Allow to continue.
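The console steps above can be audited and remediated with the AWS CLI as well. The following is an added example, not part of this control text or any Blue Hexagon tooling: it parses a constructed sample of `aws cloudtrail describe-trails` output, lists trails with no CloudWatch Logs log group or delivery role, builds the `aws cloudtrail update-trail` call for each, and shows the least-privilege permissions the delivery role needs. The account ID, trail names, log group and role ARNs are constructed sample values.

```python
import json
from typing import Dict, List

# Constructed sample of `aws cloudtrail describe-trails` output (not real account data).
# "org-trail" already delivers to CloudWatch Logs; "legacy-trail" does not.
DESCRIBE_TRAILS_OUTPUT = json.dumps({
    "trailList": [
        {
            "Name": "org-trail",
            "HomeRegion": "us-east-1",
            "IsMultiRegionTrail": True,
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/logs:*",
            "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role",
        },
        {
            "Name": "legacy-trail",
            "HomeRegion": "us-west-2",
            "IsMultiRegionTrail": False,
        },
    ]
})


def find_trails_without_cloudwatch(describe_trails_json: str) -> List[Dict]:
    """Return trails that lack a CloudWatch Logs log group or a delivery role (non-compliant)."""
    trails = json.loads(describe_trails_json).get("trailList", [])
    return [t for t in trails
            if not t.get("CloudWatchLogsLogGroupArn") or not t.get("CloudWatchLogsRoleArn")]


def remediation_command(trail: Dict, log_group_arn: str, role_arn: str) -> str:
    """Build the update-trail call; it must run in the trail's home region."""
    return (
        f"aws cloudtrail update-trail --region {trail['HomeRegion']} "
        f"--name {trail['Name']} "
        f"--cloud-watch-logs-log-group-arn {log_group_arn} "
        f"--cloud-watch-logs-role-arn {role_arn}"
    )


def delivery_role_policy(log_group_arn: str) -> Dict:
    """Minimal permissions the delivery role needs: write streams/events in that one log group."""
    log_stream_arn = log_group_arn.rstrip("*").rstrip(":") + ":log-stream:*"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": log_stream_arn}]}


if __name__ == "__main__":
    for t in find_trails_without_cloudwatch(DESCRIBE_TRAILS_OUTPUT):
        print(remediation_command(t, "<LOG_GROUP_ARN>", "<ROLE_ARN>"))
```

The role's trust policy must also allow `cloudtrail.amazonaws.com` to assume it, which the console's Allow step creates for you.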

Important:

Reference:

  •  CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #3.4

Blue Hexagon Proprietary