AWS Cloudtrail Audit

Audit your CloudTrail configuration to safeguard your data

What we check

Use MFA Delete Feature

Ensure that your AWS CloudTrail logging bucket has the Multi-Factor Authentication (MFA) Delete feature enabled in order to prevent versioned log files from being deleted without a valid MFA code. MFA Delete requires bucket versioning and can only be enabled by the bucket owner's root user through the API or CLI.

Addresses: Security

Check if logging buckets are publicly accessible

Check for any AWS CloudTrail logging buckets that are publicly accessible (through a bucket ACL or a bucket policy that grants access to everyone) in order to determine whether your AWS account is at risk.

Addresses: Security

CloudTrail must log Data Events

Ensure that all your AWS CloudTrail trails are configured to log data events in order to record S3 object-level API operations such as GetObject, DeleteObject and PutObject. Data events are not recorded by default and must be enabled explicitly in the trail's event selectors.

Addresses: Security

Ensure Log files are delivered without any failures

Ensure that the log files generated by your AWS CloudTrail trails are delivered to their destination S3 bucket (and CloudWatch Logs group, if configured) without failures, so that CloudTrail logging data is available for security and compliance audits. A failed delivery is reported in the trail status as the latest delivery error.

Addresses: Security, Operational Maturity

CloudTrail must be enabled for all regions

Ensure that CloudTrail is enabled in all AWS regions (a multi-region trail) in order to increase the visibility of API activity across your AWS account, including regions you do not actively use, for security and management purposes.

Addresses: Security

Record both regional and global events

Ensure that your CloudTrail configuration records both regional events and global service events (such as IAM, AWS STS and Amazon CloudFront) in order to increase the visibility of API activity in your AWS account for security and management purposes.

Addresses: Security

Enable Include Global Services feature

Ensure that only one trail within a CloudTrail multi-region logging configuration has the Include Global Service Events feature enabled in order to avoid duplicate log events being recorded for AWS global services such as IAM, AWS STS or Amazon CloudFront.

Addresses: Security

Ensure CloudTrail monitoring by CloudWatch logs

Ensure that AWS CloudTrail events are delivered to CloudWatch Logs so that they can be monitored with metric filters and alarms for management and security purposes.

Addresses: Security

Enable File Integrity Validation Feature

Ensure that your trails have the log file validation feature enabled in order to detect whether log files were modified or deleted after CloudTrail delivered them to the S3 bucket. CloudTrail delivers signed digest files alongside the logs, which can be checked with the validate-logs command.

Addresses: Security

Ensure CloudTrail logs are encrypted

Ensure that your CloudTrail logs are encrypted at rest using server-side encryption with AWS KMS-managed keys (SSE-KMS) to enhance the security of your CloudTrail bucket.

Addresses: Security

CloudTrail must log Management Events

Ensure that all your AWS CloudTrail trails are configured to log management events (read and write) in order to record important operations such as EC2 RunInstances, DescribeInstances and TerminateInstances, as well as console sign-in events (ConsoleLogin).

Addresses: Security
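The trail-level checks above (data events, delivery failures, multi-region logging, global service events and their duplication, CloudWatch Logs integration, log file validation, SSE-KMS and management events) can be evaluated from three CloudTrail API responses. The script below is an added example, not Cloudanix's own tooling: the trail, status and event-selector dicts are constructed inline in the shape that boto3's cloudtrail describe_trails, get_trail_status and get_event_selectors calls return, so it runs offline. Trail names, ARNs and the account ID are placeholders, and only classic event selectors are handled (advanced event selectors are an assumption left out here).

```python
"""Evaluate CloudTrail trail configuration against the checklist.

Added example, not Cloudanix code. Inputs are constructed in the shapes returned
by boto3 cloudtrail.describe_trails()['trailList'], get_trail_status() and
get_event_selectors()['EventSelectors']; a live audit would fill them from
those calls. Names, ARNs and the account ID 111122223333 are placeholders.
"""

# Constructed sample: one multi-region trail that is nearly compliant, and one
# regional trail that also records global events (a duplicate) and has
# delivery errors.
TRAILS = [
    {
        "Name": "org-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
        "HomeRegion": "us-east-1",
        "IsMultiRegionTrail": True,
        "IncludeGlobalServiceEvents": True,
        "LogFileValidationEnabled": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-key-id",
        "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:cloudtrail:*",
        "S3BucketName": "org-cloudtrail-logs",
    },
    {
        "Name": "dev-trail",
        "TrailARN": "arn:aws:cloudtrail:us-west-2:111122223333:trail/dev-trail",
        "HomeRegion": "us-west-2",
        "IsMultiRegionTrail": False,
        "IncludeGlobalServiceEvents": True,
        "LogFileValidationEnabled": False,
        "S3BucketName": "dev-cloudtrail-logs",
    },
]

STATUS = {  # get_trail_status per trail; LatestDeliveryError is set when S3 delivery failed
    "org-trail": {"IsLogging": True, "LatestDeliveryError": ""},
    "dev-trail": {"IsLogging": True, "LatestDeliveryError": "AccessDenied"},
}

SELECTORS = {  # get_event_selectors()['EventSelectors'] per trail
    "org-trail": [{"ReadWriteType": "All", "IncludeManagementEvents": True, "DataResources": []}],
    "dev-trail": [{"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True,
                   "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::"]}]}],
}


def logs_s3_data_events(selectors):
    """True if a selector records S3 object-level events for every bucket, reads and writes."""
    for sel in selectors:
        if sel.get("ReadWriteType", "All") != "All":
            continue  # WriteOnly/ReadOnly would miss GetObject or PutObject/DeleteObject
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object" and "arn:aws:s3:::" in res.get("Values", []):
                return True
    return False


def logs_management_events(selectors):
    """True if management events are recorded for both read and write API calls."""
    return any(sel.get("IncludeManagementEvents") and sel.get("ReadWriteType", "All") == "All"
               for sel in selectors)


def check_trail(trail, status, selectors):
    """Return {check_name: passed} for one trail."""
    return {
        "multi_region": bool(trail.get("IsMultiRegionTrail")),
        "global_service_events": bool(trail.get("IncludeGlobalServiceEvents")),
        "management_events": logs_management_events(selectors),
        "s3_data_events": logs_s3_data_events(selectors),
        "delivery_ok": bool(status.get("IsLogging")) and not status.get("LatestDeliveryError"),
        "cloudwatch_logs": bool(trail.get("CloudWatchLogsLogGroupArn")),
        "log_file_validation": bool(trail.get("LogFileValidationEnabled")),
        "sse_kms": bool(trail.get("KmsKeyId")),
    }


def duplicate_global_service_logging(trails):
    """Names of trails recording global service events, if more than one does.

    Only one trail should include global service events; otherwise IAM, STS and
    CloudFront calls are written once per trail.
    """
    names = [t["Name"] for t in trails if t.get("IncludeGlobalServiceEvents")]
    return names if len(names) > 1 else []


def audit(trails, status_by_name, selectors_by_name):
    """Map trail name -> sorted failed checks, plus an 'account' entry for duplicates."""
    findings = {}
    for t in trails:
        results = check_trail(t, status_by_name.get(t["Name"], {}),
                              selectors_by_name.get(t["Name"], []))
        findings[t["Name"]] = sorted(k for k, ok in results.items() if not ok)
    dup = duplicate_global_service_logging(trails)
    if dup:
        findings["account"] = ["duplicate_global_service_events: " + ", ".join(dup)]
    return findings


if __name__ == "__main__":
    for name, failed in audit(TRAILS, STATUS, SELECTORS).items():
        print(f"{name}: {'OK' if not failed else 'FAIL ' + ', '.join(failed)}")
```

Against the constructed sample, org-trail fails only the S3 data-events check, dev-trail fails most checks, and the account-level entry flags both trails for recording global service events.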

CloudTrail is configured to use the appropriate S3 Bucket

Ensure that your AWS CloudTrail trail is configured to deliver logs to the appropriate S3 bucket (for example a dedicated, centrally owned logging bucket) in order to meet regulatory compliance requirements within your organization.

Addresses: Security

Enable Server Access Logging feature

Ensure that any S3 buckets used by AWS CloudTrail have the Server Access Logging feature enabled in order to track requests made to the buckets, which is necessary for security audits.

Addresses: Security

Enable Object Lock feature

Ensure that the Amazon S3 buckets associated with your CloudTrail trails have the Object Lock feature enabled in order to prevent the objects they store (i.e. trail log files) from being deleted or overwritten during their retention period and to meet regulatory compliance requirements. Object Lock requires bucket versioning.

Addresses: Security
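The bucket-level checks on this page (MFA Delete, public accessibility, Server Access Logging and Object Lock) apply to the S3 bucket that receives the logs rather than to the trail. The script below is an added example, not Cloudanix's own tooling: each bucket's settings are constructed inline in the shapes returned by boto3's s3 client (get_bucket_versioning, get_public_access_block, get_bucket_acl, get_bucket_policy, get_bucket_logging and get_object_lock_configuration), so it runs offline. Bucket names and the account ID are placeholders, and the public-policy test only looks for unconditional Allow statements with a wildcard principal, which is an assumption that covers the common case rather than the full IAM policy evaluation.

```python
"""Evaluate CloudTrail log buckets against the bucket checks.

Added example, not Cloudanix code. Per-bucket dicts are constructed in the
shapes boto3's s3 client returns; a live audit would fill them from those
calls. Bucket names and account ID 111122223333 are placeholders.
"""
import json

PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed sample: a hardened log bucket and a misconfigured one.
BUCKETS = {
    "org-cloudtrail-logs": {
        "versioning": {"Status": "Enabled", "MFADelete": "Enabled"},
        "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
        "acl_grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                        "Permission": "FULL_CONTROL"}],
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::org-cloudtrail-logs/AWSLogs/111122223333/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}]}),
        "logging": {"TargetBucket": "org-s3-access-logs", "TargetPrefix": "cloudtrail/"},
        "object_lock": {"ObjectLockEnabled": "Enabled"},
    },
    "dev-cloudtrail-logs": {
        "versioning": {"Status": "Enabled"},   # versioned, but MFA Delete never enabled
        "public_access_block": {},             # no Block Public Access settings
        "acl_grants": [{"Grantee": {"Type": "Group",
                                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}],
        "policy": None,
        "logging": None,
        "object_lock": None,
    },
}


def principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" appears in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def policy_is_public(policy_json):
    """True if an Allow statement grants everyone access with no Condition attached."""
    if not policy_json:
        return False
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    return any(s.get("Effect") == "Allow" and principal_is_everyone(s.get("Principal"))
               and not s.get("Condition") for s in statements)


def acl_is_public(grants):
    """True if the ACL grants anything to AllUsers or AuthenticatedUsers."""
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants)


def is_publicly_accessible(b):
    """Public ACL unless IgnorePublicAcls is on; public policy unless RestrictPublicBuckets is on."""
    pab = b.get("public_access_block") or {}
    acl_public = acl_is_public(b.get("acl_grants", [])) and not pab.get("IgnorePublicAcls")
    policy_public = policy_is_public(b.get("policy")) and not pab.get("RestrictPublicBuckets")
    return acl_public or policy_public


def check_bucket(b):
    """Return {check_name: passed} for one log bucket."""
    v = b.get("versioning") or {}
    return {
        "mfa_delete": v.get("Status") == "Enabled" and v.get("MFADelete") == "Enabled",
        "not_public": not is_publicly_accessible(b),
        "server_access_logging": bool((b.get("logging") or {}).get("TargetBucket")),
        "object_lock": (b.get("object_lock") or {}).get("ObjectLockEnabled") == "Enabled",
    }


def audit_buckets(buckets):
    """Map bucket name -> sorted list of failed checks (empty means compliant)."""
    return {name: sorted(k for k, ok in check_bucket(b).items() if not ok)
            for name, b in buckets.items()}


if __name__ == "__main__":
    for name, failed in audit_buckets(BUCKETS).items():
        print(f"{name}: {'OK' if not failed else 'FAIL ' + ', '.join(failed)}")
```

Note that get_bucket_policy, get_bucket_logging and get_object_lock_configuration raise an error when the respective setting does not exist; a live collector should map those errors to the None values used in the sample rather than treating them as failures of the collector itself.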


Not ready for a free signup yet? No worries!

We suggest you use the checklist!

If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.