Rule: CloudTrail trails should be integrated with CloudWatch logs

This rule ensures that CloudTrail trails are integrated with CloudWatch logs.

Rule: CloudTrail trails should be integrated with CloudWatch logs
Framework: GxP 21 CFR Part 11
Severity: Critical

CloudTrail Integration with CloudWatch Logs for GxP 21 CFR Part 11

Description

In order to meet the requirements of GxP 21 CFR Part 11, it is essential to integrate CloudTrail trails with CloudWatch logs. CloudTrail provides visibility into the actions taken by various AWS services, while CloudWatch logs enable the centralized logging and analysis of those actions. This integration ensures that audit trails are captured and readily available for compliance purposes.

Troubleshooting Steps

If you encounter any issues while attempting to integrate CloudTrail with CloudWatch logs for GxP 21 CFR Part 11 compliance, follow these troubleshooting steps:

  1. Verify the IAM role: Ensure that you have the appropriate IAM role with sufficient permissions to enable this integration. Make sure the role includes necessary policies for CloudTrail and CloudWatch logs integration.

  2. Check CloudTrail settings: Confirm that CloudTrail is enabled and configured correctly. Ensure that you are capturing all relevant events and delivering them to CloudWatch logs.

  3. Verify CloudWatch log group: Check the CloudWatch log group settings to ensure that it exists and is properly configured. Ensure that CloudTrail logs are being delivered to this log group.

  4. Check CloudWatch log retention policy: Validate the log retention policy for your CloudWatch log group. Ensure that it complies with the requirements of GxP 21 CFR Part 11 regarding log retention duration.

  5. Ensure CloudWatch log permissions: Verify that the IAM role associated with CloudTrail has the necessary permissions to write logs to the designated CloudWatch log group.

Necessary Codes

Before proceeding with the integration, note that you will need the AWS Command Line Interface (CLI) with the appropriate permissions.

Step-by-Step Guide for Remediation

Step 1: Create a CloudWatch log group

  1. Open the AWS Management Console and navigate to the CloudWatch service.
  2. Click on "Logs" in the left navigation pane.
  3. Click on the "Create log group" button.
  4. Enter a name for the log group, ensuring it is relevant to your CloudTrail trails.
  5. Click "Create" to create the CloudWatch log group.

Step 2: Enable CloudTrail integration with CloudWatch logs

  1. Open the AWS Management Console and navigate to the CloudTrail service.
  2. Select the appropriate CloudTrail trail that you want to integrate with CloudWatch logs.
  3. Click on "Edit" for the selected trail.
  4. In the "CloudWatch Logs" section, choose the CloudWatch log group you created in Step 1 from the dropdown menu.
  5. Click "Save" to enable CloudTrail integration with CloudWatch logs.

Step 3: Verify the integration

  1. Open the AWS Management Console and navigate to the CloudWatch service.
  2. Click on "Logs" in the left navigation pane.
  3. Locate the log group you created in Step 1 and click on it.
  4. Verify that CloudTrail logs are being delivered to the log group and are visible in the log stream.
  5. Review the logs to ensure they are capturing the required actions and events for compliance with GxP 21 CFR Part 11.

Step 4: Periodically review and monitor the logs

  1. Regularly review the logs stored in the CloudWatch log group to ensure they continue to capture the necessary actions and events.
  2. Set up CloudWatch log metric filters or alarms to proactively monitor for any anomalies or suspicious activities.
  3. Establish a process for archiving and retaining the logs based on your organization's specific requirements and the guidelines of GxP 21 CFR Part 11.

By following these steps, you can successfully integrate CloudTrail trails with CloudWatch logs to meet the compliance requirements of GxP 21 CFR Part 11.
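
The checks from the troubleshooting list and Step 3 can be automated. The Python below is an added example, not part of the original page or the vendor's own code: it evaluates the JSON returned by `aws cloudtrail describe-trails`, `aws cloudtrail get-trail-status` and `aws logs describe-log-groups`. The sample records, the 24-hour staleness window, the 365-day retention value and ISO 8601 timestamp output from the CLI are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def check_trail(trail, status, log_groups, now, min_retention_days,
                max_delivery_age=timedelta(hours=24)):
    """Return findings for one trail; an empty list means it passes."""
    group_arn = trail.get("CloudWatchLogsLogGroupArn")
    if not group_arn:
        return ["no CloudWatch Logs log group configured on the trail"]
    findings = []
    if not trail.get("CloudWatchLogsRoleArn"):
        findings.append("no IAM role configured for CloudWatch Logs delivery")
    if not status.get("IsLogging"):
        findings.append("trail logging is turned off")
    error = status.get("LatestCloudWatchLogsDeliveryError")
    if error:
        findings.append("delivery error: " + error)
    delivered = status.get("LatestCloudWatchLogsDeliveryTime")
    if delivered is None:
        findings.append("no delivery to CloudWatch Logs recorded")
    elif now - datetime.fromisoformat(delivered) > max_delivery_age:
        findings.append("last CloudWatch Logs delivery is stale: " + delivered)
    # Log group ARN format: arn:aws:logs:<region>:<account>:log-group:<name>:*
    name = group_arn.split(":log-group:", 1)[-1]
    name = name[:-2] if name.endswith(":*") else name
    group = next((g for g in log_groups if g["logGroupName"] == name), None)
    if group is None:
        findings.append("log group not found: " + name)
    else:
        days = group.get("retentionInDays")  # absent means events never expire
        if days is not None and days < min_retention_days:
            findings.append("retention %d days is below %d" % (days, min_retention_days))
    return findings

# Constructed sample data, shaped like the CLI output; not from a real account.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
GOOD_TRAIL = {
    "Name": "example-trail",
    "CloudWatchLogsLogGroupArn":
        "arn:aws:logs:us-east-1:111122223333:log-group:cloudtrail/example:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/ExampleCloudTrailRole",
}
GOOD_STATUS = {"IsLogging": True,
               "LatestCloudWatchLogsDeliveryTime": "2024-05-02T11:40:00+00:00"}
LOG_GROUPS = [{"logGroupName": "cloudtrail/example", "retentionInDays": 365}]

if __name__ == "__main__":
    result = check_trail(GOOD_TRAIL, GOOD_STATUS, LOG_GROUPS, NOW, 365)
    print(result or "PASS")
```

Set `min_retention_days` to the retention period your own quality system defines; the value used here is a placeholder, not a figure taken from 21 CFR Part 11.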
