Homepage
About Snyk

CloudTrail does not have log file validation enabled Affecting CloudTrail service in AWS

Severity

0.0
medium
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    Logging / Security

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-AWS CIS-Controls CSA-CCM ISO-27001 NIST-800-53 PCI-DSS
  • Snyk ID SNYK-CC-00005
  • credit Snyk Research Team
Report a new misconfiguration Found a mistake?

Description

File validation should be enabled on all CloudTrail logs because it provides additional integrity checking of the log data.

How to fix?

Set the aws_cloudtrail enable_log_file_validation field to true.

Example Configuration

resource "aws_cloudtrail" "example" {
  enable_log_file_validation = true
  # other required fields here
}