Resource Type: AWS > CloudTrail > Trail

Resource Context

Trail is a part of the CloudTrail service.

Each Trail lives under a Region.

Controls

The primary controls for AWS > CloudTrail > Trail are:

• Active
• Approved
• CMDB
• Configured
• Discovery
• Encryption at Rest
• Log File Validation
• ServiceNow
• Tags
• Trail Status
• Usage

It is also targeted by these controls:

• AWS > CIS v1 > 2 Logging > 2.02 Ensure CloudTrail log file validation is enabled (Scored)
• AWS > CIS v1 > 2 Logging > 2.03 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible (Scored)
• AWS > CIS v1 > 2 Logging > 2.04 Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)
• AWS > CIS v1 > 2 Logging > 2.06 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)
• AWS > CIS v1 > 2 Logging > 2.07 Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)
• AWS > CIS v1.4 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled (Automated)
• AWS > CIS v1.4 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible (Automated)
• AWS > CIS v1.4 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs (Automated)
• AWS > CIS v1.4 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Automated)
• AWS > CIS v1.4 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Automated)
• AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
• AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
• AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
• AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
• AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• AWS > HIPAA > CloudTrail > CloudTrail trail log file validation should be enabled
• AWS > HIPAA > CloudTrail > CloudTrail trail logs should be encrypted with KMS CMK
• AWS > HIPAA > CloudTrail > CloudTrail trails should be integrated with CloudWatch logs
• AWS > NIST 800-53 > CloudTrail > At least one trail should be enabled with security best practices
• AWS > NIST 800-53 > CloudTrail > CloudTrail trail log file validation should be enabled
• AWS > NIST 800-53 > CloudTrail > CloudTrail trail logs should be encrypted with KMS CMK
• AWS > NIST 800-53 > CloudTrail > CloudTrail trails should be integrated with CloudWatch logs
• AWS > PCI v3.2.1 > CloudTrail > 1 CloudTrail logs should be encrypted at rest using AWS KMS CMKs
• AWS > PCI v3.2.1 > CloudTrail > 3 CloudTrail log file validation should be enabled
• AWS > PCI v3.2.1 > CloudTrail > 4 CloudTrail trails should be integrated with CloudWatch Logs

Category

• Management Tools

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/aws-cloudtrail#/resource/types/trail

Category URI

tmod:@turbot/turbot#/resource/categories/managementTools

GraphQL

query resource(id: "tmod:@turbot/aws-cloudtrail#/resource/types/trail") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-cloudtrail#/resource/types/trail'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-cloudtrail#/resource/types/trail"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-cloudtrail#/resource/types/trail';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-cloudtrail#/resource/types/trail"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-cloudtrail#/resource/types/trail' and notification_type in ('resource_updated', 'resource_created');