AWS CloudTrail is not enabled with multi trail and not capturing all management events
Description
This policy identifies AWS accounts that do not have a multi-region CloudTrail trail capturing all management events. AWS CloudTrail is a service that enables governance, compliance, operational and risk auditing of the AWS account. It is a compliance and security best practice to turn on CloudTrail across all regions so that you get a complete audit trail of activity across the various services.
NOTE: If you have an Organization Trail enabled in your account, this policy can be disabled, or alerts generated for this policy on such an account can be ignored, because an Organization Trail by default enables trail logging for all accounts under that organization.
Code Example
```yaml
Resources:
  MyTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      # ... other trail properties
      IsMultiRegionTrail: true   # add this property
```
Remediation
CloudFormation
To fix this issue, ensure that the `IsMultiRegionTrail` property in the `AWS::CloudTrail::Trail` resource is set to `true`.
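As an added example (not part of the original rule page or of Checkov), the following Python checker applies this rule to parsed CloudFormation templates: a trail is compliant when `IsMultiRegionTrail` is `true`, logging is on, and its event selectors (if any are declared) still capture all management events. The two templates are constructed for the example; the bucket name and logical IDs are placeholders. The treatment of omitted `EventSelectors`, `IncludeManagementEvents` and `ReadWriteType` as "all management events captured" is an assumption based on the CloudTrail defaults, not something this page states.

```python
"""Check CloudFormation templates for the multi-region / management-events
CloudTrail rule described on this page (added example, not Checkov's code)."""
import json

# Constructed template: single-region trail whose selector only records writes.
NONCOMPLIANT_TEMPLATE = json.loads("""
{
  "Resources": {
    "Trail": {
      "Type": "AWS::CloudTrail::Trail",
      "Properties": {
        "S3BucketName": "example-trail-bucket-placeholder",
        "IsLogging": true,
        "IsMultiRegionTrail": false,
        "EventSelectors": [
          {"IncludeManagementEvents": true, "ReadWriteType": "WriteOnly"}
        ]
      }
    }
  }
}
""")

# Constructed template: the remediated form of the same trail.
COMPLIANT_TEMPLATE = json.loads("""
{
  "Resources": {
    "Trail": {
      "Type": "AWS::CloudTrail::Trail",
      "Properties": {
        "S3BucketName": "example-trail-bucket-placeholder",
        "IsLogging": true,
        "IsMultiRegionTrail": true,
        "IncludeGlobalServiceEvents": true,
        "EnableLogFileValidation": true,
        "EventSelectors": [
          {"IncludeManagementEvents": true, "ReadWriteType": "All"}
        ]
      }
    }
  }
}
""")


def _truthy(value):
    """CloudFormation accepts booleans or the strings 'true'/'false'; anything
    else (e.g. a Ref to a parameter) is treated conservatively as false."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def _captures_all_management_events(selectors):
    """Assumption: an omitted EventSelectors block, or omitted
    IncludeManagementEvents / ReadWriteType, falls back to the CloudTrail
    defaults (management events on, read and write)."""
    if not selectors:
        return True
    return any(
        _truthy(sel.get("IncludeManagementEvents", True))
        and sel.get("ReadWriteType", "All") == "All"
        for sel in selectors
    )


def trail_findings(template):
    """Return {logical_id: [problem, ...]} for every AWS::CloudTrail::Trail
    in a parsed template; an empty list means the trail passes."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudTrail::Trail":
            continue
        props = resource.get("Properties", {})
        problems = []
        if not _truthy(props.get("IsMultiRegionTrail", False)):
            problems.append("IsMultiRegionTrail is not true")
        if not _truthy(props.get("IsLogging", False)):
            problems.append("IsLogging is not true")
        if not _captures_all_management_events(props.get("EventSelectors")):
            problems.append("no EventSelector captures all management events")
        findings[logical_id] = problems
    return findings


def is_compliant(template):
    """True when every trail in the template has no findings."""
    return all(not problems for problems in trail_findings(template).values())


if __name__ == "__main__":
    for name, tpl in (("noncompliant", NONCOMPLIANT_TEMPLATE),
                      ("compliant", COMPLIANT_TEMPLATE)):
        print(name, trail_findings(tpl))
```

Running the block reports both findings for the first template and none for the second; a template with no `AWS::CloudTrail::Trail` resource at all yields an empty result and should be handled by the account-level check the policy describes, not by this template-level one.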
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0120 |
| Severity | INFO |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_67 |