AWS Config Rule: CloudTrail CloudWatch Logs Enabled

CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED

Fernando Honig

Last Update 10 months ago

Description: Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs. The trail is non-compliant if the CloudWatchLogsLogGroupArn property of the trail is empty.


Trigger type: Periodic


AWS Region: All supported AWS regions


How to Resolve Manually

To resolve this manually, you will need to ensure that your CloudTrail trails are being logged to CloudWatch Log Groups. This setting is located under the General details of any current trail.


Here, you define a CloudWatch Log Group and associate it with an IAM role you have already constructed, one with the correct permissions to send data to the chosen log group.


Selecting the edit button above presents the options necessary to configure your own CloudWatch Log Group so that it receives CloudTrail data. Please see the example below.
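To confirm which trails still need this setting, the condition from the rule description can be applied to the output of CloudTrail's DescribeTrails call. The following is an added example, not StackZone's or AWS's own code; the sample response, account ID, trail names and ARNs are constructed, and the function names are hypothetical.

```python
# Added example: field names follow the CloudTrail DescribeTrails response.
# Constructed sample data; the account ID, trail names and ARNs are made up.
SAMPLE_RESPONSE = {"trailList": [
    {"Name": "org-trail",
     "HomeRegion": "us-east-1",
     "CloudWatchLogsLogGroupArn":
         "arn:aws:logs:us-east-1:111122223333:log-group:cloudtrail/org:*",
     "CloudWatchLogsRoleArn":
         "arn:aws:iam::111122223333:role/CloudTrailToCloudWatchLogs"},
    {"Name": "legacy-trail", "HomeRegion": "eu-west-1"},  # property absent
    {"Name": "half-configured", "HomeRegion": "us-east-1",
     "CloudWatchLogsLogGroupArn": "",                     # property empty
     "CloudWatchLogsRoleArn":
         "arn:aws:iam::111122223333:role/CloudTrailToCloudWatchLogs"},
]}


def evaluate_trails(response):
    """Return one finding per trail: NON_COMPLIANT when the
    CloudWatchLogsLogGroupArn property is missing or empty."""
    findings = []
    for trail in response.get("trailList", []):
        log_group = (trail.get("CloudWatchLogsLogGroupArn") or "").strip()
        findings.append({
            "trail": trail.get("Name"),
            "region": trail.get("HomeRegion"),
            "compliance": "COMPLIANT" if log_group else "NON_COMPLIANT",
            "log_group_arn": log_group or None,
        })
    return findings


def non_compliant(response):
    """Names of the trails that still need a log group configured."""
    return [f["trail"] for f in evaluate_trails(response)
            if f["compliance"] == "NON_COMPLIANT"]


def fetch_trails():
    """Live variant: needs boto3 and credentials allowing cloudtrail:DescribeTrails."""
    import boto3  # imported here so the offline sample runs without boto3
    return boto3.client("cloudtrail").describe_trails(includeShadowTrails=False)


if __name__ == "__main__":
    for finding in evaluate_trails(SAMPLE_RESPONSE):
        print(finding)
```

Passing `fetch_trails()` instead of `SAMPLE_RESPONSE` evaluates the trails homed in the current region of a live account.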

