Ensure that your CloudTrail trails are recording both regional and global events in order to increase the visibility of the API activity in your AWS account for security and management purposes.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Turning on API activity monitoring for global services that are not region-specific such as IAM, STS and CloudFront enables you to have full visibility over all your AWS services. Having CloudTrail logging enabled for both AWS regional and global services would help you to demonstrate compliance and troubleshoot operational or security issues within your AWS account.
Note: if you enable Include Global Services in multiple single region trails, these will generate duplicate entries for a single event in the log files. To prevent this duplication, the feature must be enabled just for one single region trail and disabled for all other trails.
To determine if your trails record API calls for AWS global services, perform the following:
To enable API tracking and logging for AWS global services in your CloudTrail trails, perform the following: