CloudTrail trail has logging disabled Affecting CloudTrail service in AWS
Severity Framework
Snyk CCSS
Rule category
Logging / Access
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
HIPAA
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00006
- credit Snyk Research Team
Description
Without CloudTrail logging enabled, you cannot keep a record of all access and events on your account.
How to fix?
Set the trail's enable_logging attribute to true.
Example Configuration
resource "aws_cloudtrail" "secure" {
name = "secure"
s3_bucket_name = "example-bucket"
enable_logging = true
}