Rule: All S3 Buckets Should Log S3 Data Events in CloudTrail
This rule ensures that all S3 buckets are logging S3 data events in CloudTrail for better monitoring and security purposes.
| Rule | All S3 buckets should log S3 data events in CloudTrail |
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Medium |
Rule Description:
According to the rule/policy, all Amazon S3 buckets must have logging enabled for S3 data events in AWS CloudTrail, specifically to comply with the requirements of GxP 21 CFR Part 11. This ensures that data access and changes made to the S3 buckets are recorded and auditable, meeting the regulatory compliance standards.
Troubleshooting Steps:
- 1.Verify that the Amazon S3 service is enabled for your AWS account.
- 2.Ensure that AWS CloudTrail is enabled.
- 3.Confirm that your user account has the necessary permissions to enable logging for S3 data events.
Necessary Codes:
No specific code is required for this rule, as the configuration settings are managed within the AWS Management Console. However, should any automation or scripting be required, the AWS Command Line Interface (CLI) can be utilized.
Step-by-Step Guide for Remediation:
- 1.Login to the AWS Management Console.
- 2.Navigate to the AWS CloudTrail service.
- 3.Confirm that you are in the correct AWS region for your S3 buckets.
- 4.Click on "Trails" in the left sidebar menu.
- 5.Choose an existing trail or create a new one by clicking on the "Create trail" button.
- 6.Enter a trail name and select the S3 bucket where you want the logs to be stored.
- 7.Enable the "Data events" option.
- 8.In the "Include management events" section, ensure that "Read" and "Write" data events are selected.
- 9.Review the other trail settings and make any necessary changes based on your requirements.
- 10.Click on "Create" or "Save" to save the trail settings.
- 11.Proceed to validate the S3 buckets to ensure that they are configured to send data events to CloudTrail.
Note: The following steps should be repeated for each S3 bucket in your AWS account.
- 1.Navigate to the Amazon S3 service.
- 2.Select the S3 bucket for which you want to enable logging.
- 3.Click on the "Properties" tab.
- 4.Scroll down to the "Management" section and click on "CloudTrail settings".
- 5.Check if the created CloudTrail trail is listed in the drop-down menu.
- 6.Select the appropriate trail and save the changes.
Follow these steps for each S3 bucket to ensure that all buckets have logging enabled for S3 data events in CloudTrail, meeting the GxP 21 CFR Part 11 compliance requirement.
Remember to periodically review the CloudTrail logs and the compliance of your S3 buckets with this rule and any other relevant policies to maintain a secure and compliant environment.