High

Ensure CloudTrail trails record global service events

Security & Compliance
Description

To increase visibility of API activity in your AWS cloud account for security and management purposes, it is important to ensure that your Amazon CloudTrail trails are recording both regional and global events. Enabling API activity monitoring for global AWS services that are not region-specific, such as Amazon IAM, STS, and CloudFront, provides full visibility over all your AWS cloud services. Enabling CloudTrail logging for both regional and global AWS services helps you demonstrate compliance and troubleshoot operational or security issues within your AWS cloud account.

Remediation

Here are the remediation steps to ensure that your CloudTrail trails record global service events:

  1. Sign in to the AWS Management Console and navigate to the CloudTrail dashboard.
  2. Select the CloudTrail trail that you want to modify.
  3. Click on the "Edit" button.
  4. Scroll down to the "Data events" section.
  5. Enable the toggle for the global services that you want to record events for, such as IAM, STS, and CloudFront.
  6. Click "Save" to save the changes to the CloudTrail trail.
  7. Repeat the above steps for all CloudTrail trails that you want to enable global event recording for.
  8. Test your CloudTrail configuration to ensure that events are being recorded properly.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps