AWS CloudTrail Best Practices
Cloud Conformity monitors AWS CloudTrail following the following rules:
CloudTrail configuration changes have been detected within your Amazon Web Services account.
Ensure AWS CloudTrail logging bucket has MFA Delete feature enabled.
Ensure CloudTrail trail logging buckets are not publicly accessible.
Ensure Data events are included into Amazon CloudTrail trails configuration.
Ensure Amazon CloudTrail trail log files are delivered as expected.
Ensure AWS CloudTrail trails are enabled for all AWS regions.
Ensure AWS CloudTrail trails track API calls for global services such as IAM, STS and CloudFront.
Ensure AWS CloudTrail trails are not duplicating global services events in their log files."
Ensure CloudTrail event monitoring with CloudWatch is enabled.
Ensure your AWS CloudTrail trails have log file integrity validation enabled.
Ensure your AWS CloudTrail logs are encrypted using AWS KMS–Managed Keys (SSE-KMS).
Ensure management events are included into AWS CloudTrail trails configuration.
Ensure that AWS CloudTrail trail uses the designated Amazon S3 bucket.
Ensure AWS CloudTrail buckets have server access logging enabled.