Benchmark: 6. Centralize CloudTrail logs
Description
Logging and monitoring are important parts of a robust security plan. Being able to investigate unexpected changes in your environment or perform analysis to iterate on your security posture relies on having access to data. AWS recommends that you write logs, especially AWS CloudTrail, to an S3 bucket in an AWS account designated for logging (Log Archive).
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-top-10
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 6. Centralize CloudTrail logs.
Run this benchmark in your terminal:
powerpipe benchmark run aws_top_10.benchmark.account_security_centralize_cloudtrail_logs
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_top_10.benchmark.account_security_centralize_cloudtrail_logs --share
Controls
- At least one multi-region AWS CloudTrail should be present in an account
- At least one trail should be enabled with security best practices
- At least one enabled trail should be present in a region
- CloudTrail trails should have insight selectors and logging enabled
- CloudTrail trails should be integrated with CloudWatch logs
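
To make the five controls concrete, here is an added example (not the mod's own queries) that evaluates them over constructed records shaped like CloudTrail `DescribeTrails` output, with `IsLogging` merged in from `GetTrailStatus`. The control keys, the sample trails and the reading of "security best practices" as logging, multi-region, log file validation and KMS encryption are assumptions.

```python
# Constructed sample data shaped like CloudTrail DescribeTrails output, with
# IsLogging merged in from GetTrailStatus. All names and ARNs are made up.
TRAILS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IsLogging": True, "LogFileValidationEnabled": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE",
     "S3BucketName": "log-archive-example",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:ct:*",
     "HasInsightSelectors": True},
    {"Name": "legacy-trail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "IsLogging": False, "LogFileValidationEnabled": False, "KmsKeyId": None,
     "S3BucketName": "legacy-bucket-example",
     "CloudWatchLogsLogGroupArn": None, "HasInsightSelectors": False},
]
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]  # regions in use (constructed)


def covers(trail, region):
    """An enabled trail covers its home region, or every region if multi-region."""
    return trail["IsLogging"] and (trail["IsMultiRegionTrail"] or trail["HomeRegion"] == region)


def hardened(trail):
    """Assumed meaning of 'security best practices'; the mod may test other settings."""
    return all([trail["IsLogging"], trail["IsMultiRegionTrail"],
                trail["LogFileValidationEnabled"], trail["KmsKeyId"]])


def evaluate(trails, regions):
    """Return {control: failing resources}; an empty list means the control passes."""
    return {
        "multi_region_trail": [] if any(t["IsMultiRegionTrail"] for t in trails) else ["account"],
        "best_practice_trail": [] if any(hardened(t) for t in trails) else ["account"],
        "trail_in_region": [r for r in regions if not any(covers(t, r) for t in trails)],
        "insights_and_logging": [t["Name"] for t in trails
                                 if not (t["IsLogging"] and t["HasInsightSelectors"])],
        "cloudwatch_integration": [t["Name"] for t in trails
                                   if not t["CloudWatchLogsLogGroupArn"]],
    }


if __name__ == "__main__":
    for control, failures in evaluate(TRAILS, REGIONS).items():
        print(f"{control:24} {'ok' if not failures else 'alarm: ' + ', '.join(failures)}")
```

The first three controls are account-level or region-level, so a single well-configured multi-region trail satisfies them, while the last two are evaluated per trail and still flag the stopped legacy trail.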