turbot/aws_compliance

Control: 3 CloudTrail log file validation should be enabled

Description

This control checks whether CloudTrail log file validation is enabled.

It does not detect when a trail's configuration is subsequently altered; it only reports the current state.

To monitor and alert on log file changes, you can use Amazon EventBridge or CloudWatch metric filters.

Remediation

To enable CloudTrail log file validation

  1. Open the AWS CloudTrail console.
  2. In the navigation pane, choose Trails.
  3. In the Name column, choose the Trail Name to edit.
  4. Under General details, choose Edit.
  5. Under Additional settings, for Log file validation, select Enabled.
  6. Choose Save.

Usage

steampipe check aws_compliance.control.pci_v321_cloudtrail_3

SQL

This control uses a named query:

cloudtrail_trail_validation_enabled
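The following is an added example of how such a check can be expressed as a Steampipe query; it is not the mod's own `cloudtrail_trail_validation_enabled` query. It assumes the `aws_cloudtrail_trail` table of the Steampipe AWS plugin with its `arn`, `title`, `log_file_validation_enabled`, `region`, `home_region` and `account_id` columns, and emits the `resource` / `status` / `reason` shape that Steampipe control queries use.

```sql
-- Added example (not the mod's named query). Flags every trail whose
-- log file validation is disabled. A multi-region trail is returned once
-- per region it covers, so restricting to region = home_region keeps each
-- trail to a single row instead of one alarm per region.
select
  arn as resource,
  case
    when log_file_validation_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when log_file_validation_enabled
      then title || ' has log file validation enabled.'
    else title || ' has log file validation disabled.'
  end as reason,
  region,
  account_id
from
  aws_cloudtrail_trail
where
  region = home_region
order by
  status desc,  -- 'ok' sorts after 'alarm', so failing trails come first
  title;
```

Run it with `steampipe query` against an AWS connection; any row with status `alarm` names a trail that still needs the remediation steps above. Because the check reads current state only, schedule it (or pair it with the EventBridge/CloudWatch alerting mentioned in the description) rather than relying on a one-time run.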

Tags