Quick Info
| Plugin Title | CloudTrail To CloudWatch |
| Cloud | AWS |
| Category | CloudTrail |
| Description | Ensures CloudTrail logs are being properly delivered to CloudWatch |
| More Info | Sending CloudTrail logs to CloudWatch enables easy integration with AWS CloudWatch alerts, as well as an additional backup log storage location. |
| AWS Link | http://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html |
| Recommended Action | Enable CloudTrail CloudWatch integration for all regions |
Detailed Remediation Steps
- Log into the AWS Management Console.
- Select the “Services” option and search for “CloudTrail”.
- In the “Dashboard” panel click on “View trails” button.
- Select the “trail” that needs to be verified under “Name” column.
- Scroll down and under the “CloudWatch Logs” option check for any log groups configuration. If no log groups are there than “CloudWatch” is not enabled for the selected trail.
- Click on the “Configure” button under the “CloudWatch Logs” section to configure log groups.
- In “New or existing log group” enter a name for log group and click on “Continue”.
- Create a new “IAM Role” to deliver CloudTrail events to CloudWatch Logs log group. Role Name is defined on it’s own once we click on new “IAM Role”.
- Click on “View Policy Document” to verify the “CloudTrail_CloudWatchLogs_Role”.
- Click “Allow” to save the changes. “CloudTrail CloudWatch” is now enabled for the selected trail.
