Control: CloudTrail trail log file validation should be enabled
Description
Utilize AWS CloudTrail log file validation to check the integrity of CloudTrail logs. Log file validation helps determine if a log file was modified or deleted or unchanged after CloudTrail delivered it. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.cloudtrail_trail_validation_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.cloudtrail_trail_validation_enabled --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std ->> 'enable_log_file_validation')::boolean then 'ok' else 'alarm' end status, split_part(address, '.', 2) || case when (attributes_std ->> 'enable_log_file_validation')::boolean then ' log file validation enabled' else ' log file validation disabled' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'aws_cloudtrail';