Query: At least one multi-region AWS CloudTrail should be present in an account

Description

AWS CloudTrail records AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from where the calls were made, and when the calls occurred. CloudTrail will deliver log files from all AWS Regions to your S3 bucket if MULTI_REGION_CLOUD_TRAIL_ENABLED is enabled.

Query

Tables used in this query:

• aws_account
• aws_cloudtrail_trail

Controls using this query:

• 1 CloudTrail should be enabled and configured with at least one multi-Region trail
• At least one multi-region AWS CloudTrail should be present in an account

SQL