Aqua CSPM

CloudTrail To CloudWatch

Quick Info

Plugin Title: CloudTrail To CloudWatch
Cloud: AWS
Category: CloudTrail
Description: Ensures CloudTrail logs are being properly delivered to CloudWatch
More Info: Sending CloudTrail logs to CloudWatch enables easy integration with AWS CloudWatch alerts, as well as an additional backup log storage location.
AWS Link: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
Recommended Action: Enable CloudTrail CloudWatch integration for all regions

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for “CloudTrail”.
  3. In the “Dashboard” panel click on “View trails” button.
  4. Select the “trail” that needs to be verified under “Name” column.
  5. Scroll down and, under the “CloudWatch Logs” option, check for any log group configuration. If no log group is listed, then “CloudWatch” is not enabled for the selected trail.
  6. Click on the “Configure” button under the “CloudWatch Logs” section to configure log groups.
  7. In “New or existing log group” enter a name for log group and click on “Continue”.
  8. Create a new “IAM Role” to deliver CloudTrail events to the CloudWatch Logs log group. The role name is generated automatically once you click the new “IAM Role” option.
  9. Click on “View Policy Document” to verify the “CloudTrail_CloudWatchLogs_Role”.
  10. Click “Allow” to save the changes. “CloudTrail CloudWatch” is now enabled for the selected trail.
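The check described in the Quick Info section, and the remediation above, can be reproduced from the CloudTrail API rather than the console. The script below is an added example and is not the Aqua CSPM plugin's own code: it evaluates `DescribeTrails` output (the `trailList`, `CloudWatchLogsLogGroupArn`, `CloudWatchLogsRoleArn`, `HomeRegion` and `IsMultiRegionTrail` fields are the real API field names; the account id, ARNs and trail names in the sample are constructed for the example), reports per-trail pass/fail, lists regions with no CloudWatch delivery, and builds the `aws cloudtrail update-trail` call that performs steps 6 to 10 for an existing log group and role. A trail with a log group but no role ARN is treated as failing, because CloudTrail cannot write to the group without the role.

```python
"""Evaluate CloudTrail -> CloudWatch Logs delivery from DescribeTrails output."""
import json

# Constructed sample resembling `aws cloudtrail describe-trails` output.
# Account id, regions, trail names and ARNs are made up for this example.
SAMPLE_DESCRIBE_TRAILS = json.dumps({
    "trailList": [
        {
            "Name": "org-trail",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
            "HomeRegion": "us-east-1",
            "IsMultiRegionTrail": False,
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/DefaultLogGroup:*",
            "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role",
        },
        {
            "Name": "eu-trail",
            "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/eu-trail",
            "HomeRegion": "eu-west-1",
            "IsMultiRegionTrail": False,
            # No CloudWatchLogsLogGroupArn: this trail delivers to S3 only.
        },
        {
            "Name": "half-configured",
            "TrailARN": "arn:aws:cloudtrail:ap-southeast-1:111122223333:trail/half-configured",
            "HomeRegion": "ap-southeast-1",
            "IsMultiRegionTrail": False,
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:ap-southeast-1:111122223333:log-group:audit:*",
            # Role ARN missing: CloudTrail cannot write to the log group without it.
        },
    ]
})


def trail_delivers_to_cloudwatch(trail):
    """Delivery works only when both the log group ARN and the IAM role ARN are set."""
    return bool(trail.get("CloudWatchLogsLogGroupArn")) and bool(trail.get("CloudWatchLogsRoleArn"))


def evaluate_trails(describe_trails_json):
    """Return {trail name: 'PASS' | 'FAIL: reason'} for every trail in the DescribeTrails output."""
    results = {}
    for trail in json.loads(describe_trails_json).get("trailList", []):
        name = trail.get("Name", trail.get("TrailARN", "<unnamed>"))
        if trail_delivers_to_cloudwatch(trail):
            results[name] = "PASS"
        elif not trail.get("CloudWatchLogsLogGroupArn"):
            results[name] = "FAIL: no CloudWatch Logs log group configured"
        else:
            results[name] = "FAIL: log group set but no CloudWatchLogsRoleArn"
    return results


def regions_without_cloudwatch_delivery(describe_trails_json, regions):
    """Regions in `regions` where no trail (home-region or multi-region) delivers to CloudWatch Logs."""
    covered = set()
    for trail in json.loads(describe_trails_json).get("trailList", []):
        if not trail_delivers_to_cloudwatch(trail):
            continue
        if trail.get("IsMultiRegionTrail"):
            covered.update(regions)  # a multi-region trail covers every region
        else:
            covered.add(trail.get("HomeRegion"))
    return sorted(set(regions) - covered)


def remediation_command(trail, log_group_arn, role_arn):
    """AWS CLI call that attaches an existing log group and role to a trail (console steps 6-10)."""
    return (
        f"aws cloudtrail update-trail --name {trail['Name']} "
        f"--cloud-watch-logs-log-group-arn {log_group_arn} "
        f"--cloud-watch-logs-role-arn {role_arn}"
    )


if __name__ == "__main__":
    for trail_name, status in evaluate_trails(SAMPLE_DESCRIBE_TRAILS).items():
        print(f"{trail_name}: {status}")
    regions = ["us-east-1", "eu-west-1", "ap-southeast-1", "us-west-2"]
    print("regions with no CloudWatch delivery:",
          regions_without_cloudwatch_delivery(SAMPLE_DESCRIBE_TRAILS, regions))
```

Run against live data by piping `aws cloudtrail describe-trails --include-shadow-trails` into `evaluate_trails`; the region list passed to `regions_without_cloudwatch_delivery` should be the set of regions the account actually uses, since a region with no CloudTrail coverage at all will otherwise not appear.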