
Alibaba Cloud Action Trail Logging is not enabled for all regions

Description

This policy ensures that Action Trail in Alibaba Cloud is configured to log events in all regions. Action Trail allows for governance, compliance, and auditing over your Alibaba Cloud account by recording the actions taken on your account across all regions. Logging all regions ensures that you have a complete record of user and API actions throughout your entire cloud environment, providing comprehensive visibility and traceability.

Failing to log all regions can result in incomplete tracking of activity, which could obscure security incidents and hinder compliance and forensic investigations.

Code Example

```hcl
resource "alicloud_actiontrail_trail" "example" {
  # ... other arguments ...
  trail_region = "All"
}
```

Remediation

Terraform

  • Resource: alicloud_actiontrail_trail
  • Arguments: trail_region

To mitigate this issue, ensure the `trail_region` attribute in the `alicloud_actiontrail_trail` resource is set to `All`.

Example:
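The following check is an added example, not code from the original page or from Checkov itself. It scans a Terraform configuration for `alicloud_actiontrail_trail` resources and reports every trail whose `trail_region` is not `All`; a trail with no `trail_region` set is treated as failing (an assumption made here, so that an omitted argument is never silently accepted). The embedded configuration and all resource names, trail names and bucket names in it are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample Terraform configuration (not from the original page):
# one trail limited to a single region, one covering all regions,
# and one that leaves trail_region unset.
SAMPLE_TF = '''
resource "alicloud_actiontrail_trail" "single_region" {
  trail_name      = "ops-trail"      # hypothetical trail name
  trail_region    = "cn-hangzhou"    # hypothetical single region
  oss_bucket_name = "audit-logs"     # hypothetical bucket name
}

resource "alicloud_actiontrail_trail" "all_regions" {
  trail_name   = "global-trail"      # hypothetical trail name
  trail_region = "All"
}

resource "alicloud_actiontrail_trail" "unset" {
  trail_name = "default-trail"       # hypothetical trail name
}
'''

# Matches one top-level alicloud_actiontrail_trail block. The body runs up to
# the first closing brace at column 0, which is enough for flat resources; this
# deliberately simple scanner does not handle nested blocks or HCL expressions.
RESOURCE_RE = re.compile(
    r'resource\s+"alicloud_actiontrail_trail"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}',
    re.DOTALL,
)
# Matches a literal string assignment to trail_region inside a resource body.
TRAIL_REGION_RE = re.compile(r'^\s*trail_region\s*=\s*"(?P<value>[^"]*)"', re.MULTILINE)


def extract_trail_regions(hcl: str) -> Dict[str, Optional[str]]:
    """Map each alicloud_actiontrail_trail resource name to its trail_region value.

    A trail whose block has no trail_region argument maps to None.
    """
    trails: Dict[str, Optional[str]] = {}
    for match in RESOURCE_RE.finditer(hcl):
        region = TRAIL_REGION_RE.search(match.group("body"))
        trails[match.group("name")] = region.group("value") if region else None
    return trails


def check_all_regions(hcl: str) -> List[Tuple[str, str, str]]:
    """Evaluate every trail: PASSED only when trail_region is exactly "All".

    Returns (resource_name, status, detail) tuples in configuration order.
    """
    results: List[Tuple[str, str, str]] = []
    for name, region in extract_trail_regions(hcl).items():
        if region == "All":
            results.append((name, "PASSED", 'trail_region = "All"'))
        elif region is None:
            # Assumption: an unset trail_region is not treated as all-region logging.
            results.append((name, "FAILED", "trail_region not set"))
        else:
            results.append((name, "FAILED", f'trail_region = "{region}"'))
    return results


def failing_trails(hcl: str) -> List[str]:
    """Names of the trails that do not log all regions."""
    return [name for name, status, _ in check_all_regions(hcl) if status == "FAILED"]


if __name__ == "__main__":
    for name, status, detail in check_all_regions(SAMPLE_TF):
        print(f"{status:6} alicloud_actiontrail_trail.{name}: {detail}")
```

Run against the constructed sample, the check reports `single_region` and `unset` as failing and `all_regions` as passing; the same functions can be pointed at the contents of a real `.tf` file, with the caveat that the regex scanner only understands literal string values, so a `trail_region` supplied through a variable or expression should be reviewed by hand or with a full HCL parser.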

Rule Details

Field        Value
ID           IAC-0004
Severity     MEDIUM
IaC Type     Terraform
Frameworks   Terraform
Checkov ID   CKV_ALI_4
