CloudTrail Audit
Checks performed
- CloudTrail Logging Bucket Should Use MFA Delete Feature
- CloudTrail Logging Buckets Should Not Be Publicly Accessible
- CloudTrail Must Log Data Events
- Log files Should Be Delivered Without Any Failures
- CloudTrail Must Be Enabled For All Regions
- Trails Should Record Both Regional And Global Events
- Duplicate Entries Should Be Avoided In CloudTrail Logs
- CloudTrail Events Should Be Monitored By CloudWatch Logs
- File Integrity Validation Feature Should Be Enabled For Trails
- CloudTrail Logs Should Be Encrypted
- CloudTrails Must Log Management Events
- CloudTrail Should Be Configured To Use Appropriated S3 Bucket
- Server Access Logging Feature Should Be Enabled
- Object Lock Feature Should Be Enabled