Ensure that your Amazon CloudTrail trails have log file integrity validation enabled, so that you can determine whether log files were modified or deleted after CloudTrail delivered them to the designated S3 bucket.
This rule can help you with the following compliance standards:
- CISAWSF
- PCI
- HIPAA
- GDPR
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling log file integrity validation allows you to check the integrity of your CloudTrail trail log files and determine whether they were changed after delivery to the target S3 bucket (the expectation is that delivered log files remain unchanged). Once enabled, CloudTrail delivers a digest file to the same bucket every hour; the digest records the SHA-256 hash of every log file delivered during that hour and references the previous digest file together with its hash, so that modification or deletion of a log file, or of an earlier digest, breaks the chain and is detectable. The feature is built on industry-standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digitally signing each digest file. This makes it practically impossible to change log files without detection. Two caveats: only log files delivered after validation was enabled are covered, and validation detects tampering rather than preventing it, so the bucket itself still needs a restrictive bucket policy (and, where appropriate, S3 Object Lock or MFA Delete) to keep the files intact in the first place.
Note: This conformity rule also explains how to validate your CloudTrail trail log files with the AWS CLI as an integrity-validation task in a cloud security audit.
Audit
To determine if your Amazon CloudTrail trails are configured with log file integrity validation, perform the following operations:
Remediation / Resolution
To enable log file integrity validation for your existing Amazon CloudTrail trails, perform the following operations:
Optional: To validate your Amazon CloudTrail log files using the AWS Command Line Interface (AWS CLI), perform the following operations:
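The hash and chain checks that `aws cloudtrail validate-logs --trail-arn <arn> --start-time <time>` runs against a trail's digest files, re-implemented here as an added example so the audit step is visible in code (this is not Conformity's or AWS's code). It stands in for the S3 bucket with an in-memory dict of object key to object bytes, writes constructed log files and digests laid out the way CloudTrail does (gzipped JSON, log hashes taken over the compressed object, each digest naming and hashing its predecessor), and then walks the chain from the newest digest to show exactly which tampering is caught: a scrubbed log, a deleted log, a deleted digest, and a digest rewritten to hide a deleted log. The account ID, bucket name and object keys are assumptions; the `previousDigestSignature` value is a constructed placeholder, and RSA signature verification of each digest (against the key from `aws cloudtrail list-public-keys` and the signature in the object's S3 metadata) is deliberately left out.

```python
import gzip
import hashlib
import json
from typing import Dict, List, Optional

# Constructed stand-in for the trail's S3 bucket: object key -> object bytes.
# Real digests are gzipped JSON under the CloudTrail-Digest prefix; their RSA
# signature lives in the object's S3 metadata, which this dict does not model.
Bucket = Dict[str, bytes]

ACCOUNT = "111122223333"                 # assumed account ID
BUCKET_NAME = "example-trail-bucket"     # assumed bucket name
LOG_PREFIX = f"AWSLogs/{ACCOUNT}/CloudTrail/us-east-1/2024/01/01/"
DIGEST_PREFIX = f"AWSLogs/{ACCOUNT}/CloudTrail-Digest/us-east-1/2024/01/01/"
LOG_1400 = LOG_PREFIX + "log_20240101T1400Z.json.gz"
LOG_1500 = LOG_PREFIX + "log_20240101T1500Z.json.gz"
OLDEST_DIGEST = DIGEST_PREFIX + "digest_20240101T140000Z.json.gz"
NEWEST_DIGEST = DIGEST_PREFIX + "digest_20240101T150000Z.json.gz"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def gz(data: bytes) -> bytes:
    # mtime=0 keeps the compressed bytes, and therefore their hash, stable.
    return gzip.compress(data, mtime=0)


def write_log_file(bucket: Bucket, key: str, records: list) -> None:
    bucket[key] = gz(json.dumps({"Records": records}).encode())


def write_digest(bucket: Bucket, key: str, end_time: str,
                 log_keys: List[str], previous_key: Optional[str]) -> None:
    """Write a digest covering log_keys and chained to previous_key.

    Field names follow the CloudTrail digest file structure; log hashes are
    taken over the compressed object, as CloudTrail records them. The
    previousDigestSignature value is a constructed placeholder.
    """
    chained = previous_key is not None
    digest = {
        "awsAccountId": ACCOUNT,
        "digestEndTime": end_time,
        "digestS3Bucket": BUCKET_NAME,
        "digestS3Object": key,
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestS3Bucket": BUCKET_NAME if chained else None,
        "previousDigestS3Object": previous_key,
        "previousDigestHashValue": sha256_hex(bucket[previous_key]) if chained else None,
        "previousDigestHashAlgorithm": "SHA-256" if chained else None,
        "previousDigestSignature": f"<rsa-signature-of {previous_key}>" if chained else None,
        "logFiles": [{"s3Bucket": BUCKET_NAME, "s3Object": k,
                      "hashValue": sha256_hex(bucket[k]), "hashAlgorithm": "SHA-256"}
                     for k in log_keys],
    }
    bucket[key] = gz(json.dumps(digest, sort_keys=True).encode())


def verify_chain(bucket: Bucket, newest_digest_key: str) -> List[str]:
    """Walk the digest chain newest to oldest; an empty result means every
    referenced log file and earlier digest still hashes as recorded.
    Signature verification of each digest is intentionally not done here."""
    findings: List[str] = []
    key: Optional[str] = newest_digest_key
    while key is not None:
        raw = bucket.get(key)
        if raw is None:
            findings.append(f"digest missing: {key}")
            break
        digest = json.loads(gzip.decompress(raw))
        for entry in digest["logFiles"]:
            log = bucket.get(entry["s3Object"])
            if log is None:
                findings.append(f"log file missing: {entry['s3Object']}")
            elif sha256_hex(log) != entry["hashValue"]:
                findings.append(f"log file modified: {entry['s3Object']}")
        prev_key = digest["previousDigestS3Object"]
        prev = bucket.get(prev_key) if prev_key else None
        if prev is not None and sha256_hex(prev) != digest["previousDigestHashValue"]:
            findings.append(f"digest modified: {prev_key}")
        key = prev_key
    return findings


def build_sample_bucket() -> Bucket:
    """Two hours of constructed log files and the two digests chaining them."""
    b: Bucket = {}
    write_log_file(b, LOG_1400, [{"eventName": "ConsoleLogin"}])
    write_log_file(b, LOG_1500, [{"eventName": "StopLogging"}])
    write_digest(b, OLDEST_DIGEST, "2024-01-01T14:00:00Z", [LOG_1400], None)
    write_digest(b, NEWEST_DIGEST, "2024-01-01T15:00:00Z", [LOG_1500], OLDEST_DIGEST)
    return b


def tamper_cases() -> Dict[str, List[str]]:
    """Run the walk against a clean bucket and four tampering scenarios."""
    cases = {"clean": verify_chain(build_sample_bucket(), NEWEST_DIGEST)}
    b = build_sample_bucket()
    b[LOG_1400] = gz(b'{"Records": []}')        # events scrubbed from a log file
    cases["modified log"] = verify_chain(b, NEWEST_DIGEST)
    b = build_sample_bucket()
    del b[LOG_1500]                              # log file deleted
    cases["deleted log"] = verify_chain(b, NEWEST_DIGEST)
    b = build_sample_bucket()
    del b[OLDEST_DIGEST]                         # digest deleted outright
    cases["deleted digest"] = verify_chain(b, NEWEST_DIGEST)
    b = build_sample_bucket()
    del b[LOG_1400]                              # log deleted, then the digest
    write_digest(b, OLDEST_DIGEST, "2024-01-01T14:00:00Z", [], None)  # rewritten to hide it
    cases["rewritten digest"] = verify_chain(b, NEWEST_DIGEST)
    return cases


if __name__ == "__main__":
    for name, findings in tamper_cases().items():
        print(f"{name}: {findings or 'OK'}")
```

The rewritten-digest case is the one that shows why the chain matters: an attacker who deletes a log file and rewrites the digest that listed it still trips the hash the next digest recorded for that predecessor. Note that this walk starts from a digest you name, so it cannot notice that the newest digest itself was deleted; the CLI takes `--start-time` and `--end-time` for the audited window instead of a starting digest, and you should expect one digest per hour across that window. Also remember that digests are only delivered from the time validation was enabled, so run the check against a window after the remediation date.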
References
- AWS Documentation
- AWS CloudTrail FAQs
- CloudTrail Concepts
- Validating CloudTrail Log File Integrity
- Enabling Log File Integrity Validation for CloudTrail
- Validating CloudTrail Log File Integrity with the AWS CLI
- Creating a trail for your AWS account
- Creating, updating, and managing trails with the AWS Command Line Interface
- AWS Command Line Interface (CLI) Documentation
- cloudtrail
- list-trails
- describe-trails
- update-trail
- validate-logs
- CloudFormation Documentation
- AWS CloudTrail resource type reference
- Terraform Documentation
- AWS Provider