AWS Config Rule: Multi-Region CloudTrail Enabled

MULTI_REGION_CLOUD_TRAIL_ENABLED

Ryan Ware

Last Update 10 months ago

Description: Checks if there is at least one multi-region AWS CloudTrail. The rule is NON_COMPLIANT if the trails do not match input parameters. The rule is NON_COMPLIANT if the ExcludeManagementEventSources field is not empty or if AWS CloudTrail is configured to exclude management events such as AWS KMS events or Amazon RDS Data API events.


Trigger type: Periodic


AWS Region: All supported AWS regions


How to Resolve Manually

Creating a CloudTrail in the AWS Console as described in this AWS CloudTrail user guide creates a trail that applies to all regions, so the resulting resource is considered COMPLIANT with this particular AWS Config Rule.


includeManagementEvents is a boolean parameter that must be set for your AWS CloudTrail to be considered multi-region enabled.


To check if your CloudTrail is a multi-region trail, head on over to your CloudTrail dashboard within your AWS Console and view your Trails.
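As an added example (not StackZone's or AWS's code), the rule's per-trail conditions written as a script: multi-region, management events included, and ExcludeManagementEventSources empty. Field names follow the boto3 describe_trails and get_event_selectors response shapes (an assumption), and the trails below are constructed sample data so it runs offline.

```python
from typing import Dict, List, Tuple


def evaluate_trail(trail: Dict, selectors: List[Dict]) -> Tuple[bool, str]:
    """Apply the rule's conditions to one trail. `trail` is shaped like a
    describe_trails() entry, `selectors` like the EventSelectors list from
    get_event_selectors() (assumed boto3 shapes, fed constructed data below)."""
    if not trail.get("IsMultiRegionTrail", False):
        return False, "single-region trail"
    if not selectors:
        return False, "no event selectors, so management events are not recorded"
    for sel in selectors:
        if not sel.get("IncludeManagementEvents", False):
            return False, "management events excluded"
        excluded = sel.get("ExcludeManagementEventSources") or []
        if excluded:  # e.g. KMS or RDS Data API events switched off
            return False, "ExcludeManagementEventSources not empty: " + ", ".join(excluded)
    return True, "multi-region trail recording all management events"


def evaluate_account(trails: List[Dict],
                     selectors_by_arn: Dict[str, List[Dict]]) -> Tuple[str, List[str]]:
    """COMPLIANT as soon as one trail passes; otherwise NON_COMPLIANT with a
    reason per trail, which tells you which remediation applies."""
    findings = []
    for trail in trails:
        ok, why = evaluate_trail(trail, selectors_by_arn.get(trail["TrailARN"], []))
        findings.append(f"{trail['Name']}: {why}")
        if ok:
            return "COMPLIANT", findings
    return "NON_COMPLIANT", findings


# Constructed sample data: account id and trail names are placeholders.
_ARN = "arn:aws:cloudtrail:us-east-1:123456789012:trail/"
SAMPLE_TRAILS = [
    {"Name": "regional-only", "TrailARN": _ARN + "regional-only", "IsMultiRegionTrail": False},
    {"Name": "multi-no-kms", "TrailARN": _ARN + "multi-no-kms", "IsMultiRegionTrail": True},
    {"Name": "org-trail", "TrailARN": _ARN + "org-trail", "IsMultiRegionTrail": True},
]
SAMPLE_SELECTORS = {
    _ARN + "regional-only": [{"IncludeManagementEvents": True, "ExcludeManagementEventSources": []}],
    _ARN + "multi-no-kms": [{"IncludeManagementEvents": True,
                             "ExcludeManagementEventSources": ["kms.amazonaws.com"]}],
    _ARN + "org-trail": [{"IncludeManagementEvents": True, "ExcludeManagementEventSources": []}],
}

if __name__ == "__main__":
    status, findings = evaluate_account(SAMPLE_TRAILS, SAMPLE_SELECTORS)
    print(status)
    for line in findings:
        print(" -", line)
```

Drop the first two sample trails and the account flips to NON_COMPLIANT, with the reasons matching the two fixes the StackZone remediation makes.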


How to Resolve with StackZone

By design, when StackZone builds your CloudTrail stack within your StackZone deployment, it is configured to be multi-region.


However, if you already have a CloudTrail that shows as NON_COMPLIANT, you can enable the remediation for this Config Rule, which allows StackZone to modify your CloudTrail automatically to include Global Service Events and also set the Trail to be multi-region.


To enable this in your StackZone deployment, head on over to BaseLine Services / AWS Config Rules Regional / Multi Region CloudTrail Remediation and enable the remediation.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
