Rule: At Least One Multi-Region AWS CloudTrail
This rule ensures the presence of at least one multi-region AWS CloudTrail in an account.
| Rule | At least one multi-region AWS CloudTrail should be present in an account |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ Medium |
Rule Description
This rule ensures that an AWS account adheres to the security requirements defined in the NIST 800-53 Revision 5 framework. Specifically, it requires the presence of at least one multi-region AWS CloudTrail.
Troubleshooting Steps
If the AWS account does not have at least one multi-region AWS CloudTrail, the following troubleshooting steps can be followed:
- 1.
Verify CloudTrail Service: Confirm if the AWS CloudTrail service is enabled in the account. To do this:
- Log in to the AWS Management Console.
- Navigate to the AWS CloudTrail service.
- Validate that the service is active and not disabled.
- 2.
Check Existing CloudTrails: Identify if there are existing CloudTrails in the account. Execute the following steps:
- Navigate to the AWS CloudTrail service in the AWS Management Console.
- Check for any existing CloudTrails.
- Validate if those CloudTrails are multi-region.
- 3.
Create a Multi-Region CloudTrail: If no multi-region CloudTrail exists, follow the steps below to create one:
- Log in to the AWS Management Console.
- Navigate to the AWS CloudTrail service.
- Click on "Create trail" to begin the trail setup.
- Provide a name for the trail that reflects its purpose.
- Select "Apply trail to all regions" to ensure multi-region coverage.
- Configure other desired settings like storage location, log file validation, and encryption.
- Add any necessary tags for easier identification and organization.
- Review the settings and Click on "Create".
Necessary Codes
No specific codes are required for this rule.
Step-by-Step Guide for Remediation
To create a multi-region AWS CloudTrail, follow the step-by-step guide below:
- 1.
Open the AWS Management Console and navigate to the AWS CloudTrail service.
- 2.
Click on "Create trail" to start setting up the trail.
- 3.
Provide a name for the trail that reflects its purpose. For example, "NIST80053-Revision5-MultiRegion-Trail".
- 4.
Select "Apply trail to all regions" to ensure multi-region coverage.
- 5.
Choose an existing S3 bucket or create a new one to store the CloudTrail logs.
- 6.
Configure log file validation to ensure data integrity, if required.
- 7.
Enable encryption of CloudTrail logs at rest, if necessary.
- 8.
Add any necessary tags for easier identification and organization.
- 9.
Review the trail settings to ensure they align with the requirements outlined in NIST 800-53 Revision 5.
- 10.
Click on "Create" to create the multi-region AWS CloudTrail.
- 11.
Verify that the CloudTrail has been successfully created and is active.
By following these steps, you will successfully create a multi-region AWS CloudTrail in the AWS account, meeting the requirements of the NIST 800-53 Revision 5 framework.