CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, Network, etc.
If a user configures CloudTrail to send log events to CloudWatch Logs, they can then create CloudWatch Logs metric filters to search for specific terms such as a user or resource, or create CloudWatch alarms to trigger based on thresholds or anomalous activity.
Configure the aws_cloudtrail cloud_watch_logs_group_arn or cloud_watch_logs_role_arn field.
Ensure that the aws_cloudtrail resource has a cloud_watch_logs_group_arn, and optionally, a cloud_watch_logs_role_arn if not using the default role ARN.
resource "aws_cloudtrail" "example" {
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.example.arn}:*"
  # other required fields here
}
Configure the AWS::CloudTrail::Trail CloudWatchLogsLogGroupArn or CloudWatchLogsRoleArn field.
Ensure that the AWS::CloudTrail::Trail resource has a CloudWatchLogsLogGroupArn, and optionally, a CloudWatchLogsRoleArn if not using the default role ARN.
JSON example configuration (other required fields omitted):
{
  "Type": "AWS::CloudTrail::Trail",
  "Properties": {
    "CloudWatchLogsLogGroupArn": {
      "Fn::ImportValue": "TrailLogGroupTestArn"
    }
  }
}
YAML example configuration:
Type: AWS::CloudTrail::Trail
Properties:
  CloudWatchLogsLogGroupArn:
    Fn::ImportValue: "TrailLogGroupTestArn"
  # other required fields here
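One way to check a JSON CloudFormation template for this rule before deployment, as an added example that is not part of the original page or of any scanner's own code. The function names, the finding strings and the sample resource names are hypothetical, and the embedded template is constructed for illustration.

```python
import json

TRAIL_TYPE = "AWS::CloudTrail::Trail"
LOG_GROUP_KEY = "CloudWatchLogsLogGroupArn"
ROLE_KEY = "CloudWatchLogsRoleArn"
NO_VALUE = {"Ref": "AWS::NoValue"}  # pseudo parameter that removes a property


def is_set(value):
    """True for a non-blank string or an intrinsic function object such as
    {"Fn::ImportValue": ...}; False for blanks, None and AWS::NoValue."""
    if isinstance(value, str):
        return bool(value.strip())
    return isinstance(value, dict) and bool(value) and value != NO_VALUE


def audit_trails(template_text):
    """Return {logical_id: finding} for every trail in a JSON template."""
    template = json.loads(template_text)
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != TRAIL_TYPE:
            continue  # only CloudTrail trails are in scope for this rule
        props = resource.get("Properties") or {}
        if not is_set(props.get(LOG_GROUP_KEY)):
            findings[logical_id] = "FAIL: no " + LOG_GROUP_KEY
        elif is_set(props.get(ROLE_KEY)):
            findings[logical_id] = "PASS: log group and role set"
        else:
            findings[logical_id] = "PASS: log group set, no explicit role"
    return findings


# Constructed sample template (hypothetical resources, not a real deployment).
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodTrail": {"Type": TRAIL_TYPE, "Properties": {
        LOG_GROUP_KEY: {"Fn::ImportValue": "TrailLogGroupTestArn"}}},
    "RoleTrail": {"Type": TRAIL_TYPE, "Properties": {
        LOG_GROUP_KEY: {"Fn::GetAtt": ["TrailLogGroup", "Arn"]},
        ROLE_KEY: {"Fn::GetAtt": ["TrailRole", "Arn"]}}},
    "BareTrail": {"Type": TRAIL_TYPE, "Properties": {"IsLogging": True}},
    "EmptyTrail": {"Type": TRAIL_TYPE, "Properties": {LOG_GROUP_KEY: " "}},
    "DroppedTrail": {"Type": TRAIL_TYPE, "Properties": {LOG_GROUP_KEY: NO_VALUE}},
    "TrailLogGroup": {"Type": "AWS::Logs::LogGroup"},
}})

if __name__ == "__main__":
    for name, finding in sorted(audit_trails(SAMPLE_TEMPLATE).items()):
        print(name, "->", finding)
```

Blank strings and `{"Ref": "AWS::NoValue"}` are treated as unset because both leave the deployed trail without a log group.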