Ensure that CloudTrail is enabled for all AWS regions in order to increase the visibility of the API activity in your AWS account for security and management purposes.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enabling global monitoring for your existing trails will help you to better manage your AWS account and maintain the security of you infrastructure. Applying your trail to all AWS regions has multiple advantages, such as receiving storing log files from all regions in a single S3 bucket and a single CloudWatch Logs group. It also enables managing trail configuration for all regions from one location and recording of API calls in regions that are not used to detect any unusual activity.
To determine if your CloudTrail trails are applied to all AWS regions, perform the following:
To enable multi-region logging for your CloudTrail trails, you need to perform the following: