There should be at least one multi-region CloudTrail trail per AWS account

Description

Ensures an AWS CloudTrail trail is enabled across all AWS regions for each account.

Rationale

The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

Remediation

Perform the following to enable global (Multi-region) CloudTrail logging:

From the console

  1. Sign in to the AWS Management Console and open the IAM console
  2. Click Trails on the left navigation pane
  3. Click Get Started Now, if present
    • Click Add new trail
    • Enter a trail name in the Trail name box
    • Set the Apply trail to all regions option to Yes
    • Specify an S3 bucket name in the S3 bucket box
    • Click Create
  4. If any trails already exist, select the target trail to enable global logging
  5. Click the pencil (edit) icon next to Apply trail to all regions, click Yes, and click Save.
  6. Click the pencil (edit) icon next to Management Events
  7. Click All for the Read/Write Events setting
  8. Click Save

From the command line

Create or update a trail to enable multi-region CloudTrail logging:

  1. To create, run:
aws cloudtrail create-trail --name <trail_name> \
--bucket-name <s3_bucket_for_cloudtrail> \
--is-multi-region-trail 
  1. To update, run:
aws cloudtrail update-trail --name <trail_name> \
--is-multi-region-trail
PREVIEWING: brett0000FF/node-compatibility