AWS Config Rule: CloudTrail CloudWatch Logs Enabled

CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED

Fernando Honig

Last Update a year ago

Description: Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch logs. The trail is non-compliant if the CloudWatchLogsLogGroupArn property of the trail is empty.


Trigger type: Periodic


AWS Region: All supported AWS regions


How to Resolve Manually

To resolve this manually, you will need to ensure that your CloudTrail trail are being logged to CloudWatch Log Groups, this is located under the General details of any current trail.


Here, you will simply define a CloudWatch Log Group, and associate with it an IAM role you already have constructed, with the correct permissions to be able to send data to the chosen log group.


By selecting the edit button above, you are then presented with the options neccessary in order for you to configure your own CloudWatch Log Groups, in order for it to receive CloudTrail data. Please see the example below;


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us