AWS CloudTrail logging is disabled

Description

It is recommended to have a proper logging process for AWS CloudTrail in order to track configuration changes conducted manually and programmatically and trace back unapproved changes.

Code Example

resource "aws_cloudtrail" "pass" {
  name                          = "TRAIL"
  s3_bucket_name                = aws_s3_bucket.test.id
  include_global_service_events = true
  enable_logging = true
  kms_key_id                    = aws_kms_key.test.arn
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0299
Severity	INFO
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_AWS_251

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS CloudTrail logging is disabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS CloudTrail logging is disabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS CloudTrail logging is disabled

Description

Code Example

Remediation

Rule Details

References