Ensure that your CloudTrail trails record both regional and global service events, so that API activity across your AWS account is fully visible for security and management purposes.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Global services such as IAM, STS and CloudFront are not tied to a region, and their API calls are written to a trail only if that trail is configured to include global service events. A trail without this setting will not record IAM changes such as new users, access keys or policy attachments, nor STS calls made through the global endpoint, which are exactly the actions an attacker takes after gaining a foothold. Recording both regional and global service events gives you complete visibility of API activity in your account, helps you demonstrate compliance and makes operational or security incidents easier to troubleshoot.
Note: the Include Global Services option corresponds to the IncludeGlobalServiceEvents attribute reported by describe-trails, and a trail that applies to all regions records global service events by default. If you enable Include Global Services on several single-region trails, every global event is written once per trail, so the log files contain duplicate entries for one event. To prevent this duplication, enable the feature on only one single-region trail and disable it on all other trails.
Audit
To determine if your trails record API calls for AWS global services, perform the following:
Remediation / Resolution
To enable API tracking and logging for AWS global services in your CloudTrail trails, perform the following:
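An added worked example (not Cloud Conformity's own code) that covers both the audit and the remediation steps above, built on the describe-trails and update-trail commands listed in the references. It reads describe-trails output, reports which trails record global service events and which ones would produce duplicate entries, and prints the update-trail commands that leave exactly one trail recording them. The embedded describe-trails output, trail names and account ID are constructed placeholders; audit_live() assumes boto3 and configured credentials and is the only part that contacts AWS.

```python
"""Audit CloudTrail trails for global service event logging and plan the fix.

Added example for this rule; it is not Cloud Conformity's own code. It reads
the JSON that `aws cloudtrail describe-trails` prints (a constructed sample is
embedded below) and produces the `aws cloudtrail update-trail` commands that
leave exactly one trail recording global service events.
"""
import json
from typing import Dict, List, Optional

# Constructed sample shaped like `aws cloudtrail describe-trails` output (the
# account ID and trail names are placeholders). Three single-region trails:
# one never records global events, and two both do, which produces the
# duplicate entries the note above warns about.
SAMPLE_DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "mgmt-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": false,
   "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/mgmt-trail"},
  {"Name": "eu-trail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": true,
   "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/eu-trail"},
  {"Name": "ap-trail", "HomeRegion": "ap-southeast-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": true,
   "TrailARN": "arn:aws:cloudtrail:ap-southeast-1:123456789012:trail/ap-trail"}
]}
""")


def _unique_trails(describe_output: Dict) -> List[Dict]:
    """Dedupe by ARN: describe-trails lists a multi-region trail once per region
    it is visible in (shadow trails), and each trail must be judged once.
    Multi-region trails sort first so one is preferred as the single source of
    global events; otherwise the original order is kept."""
    seen: Dict[str, Dict] = {}
    for trail in describe_output.get("trailList", []):
        seen.setdefault(trail["TrailARN"], trail)
    return sorted(seen.values(), key=lambda t: not t.get("IsMultiRegionTrail", False))


def audit_trails(describe_output: Dict) -> Dict[str, object]:
    """Classify trails by IncludeGlobalServiceEvents, the attribute that the
    console's "Include Global Services" option sets.

    "status" is FAIL when no trail records global events (IAM, STS and
    CloudFront API calls are then missing from every log), PASS otherwise.
    "duplicates" lists every global-enabled trail beyond the first one: each
    global event is written once per such trail."""
    trails = _unique_trails(describe_output)
    enabled = [t["Name"] for t in trails if t.get("IncludeGlobalServiceEvents")]
    disabled = [t["Name"] for t in trails if not t.get("IncludeGlobalServiceEvents")]
    return {
        "status": "PASS" if enabled else "FAIL",
        "global_enabled": enabled,
        "global_disabled": disabled,
        "duplicates": enabled[1:],
    }


def remediation_commands(describe_output: Dict, keep: Optional[str] = None) -> List[str]:
    """Return the AWS CLI commands that leave exactly one trail recording
    global service events.

    `keep` names the trail that should record them; by default the first trail
    that already does (multi-region first), or else the first trail. UpdateTrail
    must be called in the trail's home region, so every command carries
    --region taken from HomeRegion. Trail names are assumed to be unique."""
    trails = _unique_trails(describe_output)
    if not trails:
        return []  # no trail at all: create one first, then re-run the audit
    if keep is None:
        audit = audit_trails(describe_output)
        keep = (audit["global_enabled"] or audit["global_disabled"])[0]
    cmds = []
    for t in trails:
        want = t["Name"] == keep
        if bool(t.get("IncludeGlobalServiceEvents")) == want:
            continue  # already in the desired state
        flag = "--include-global-service-events" if want else "--no-include-global-service-events"
        cmds.append(f"aws cloudtrail update-trail --region {t['HomeRegion']} "
                    f"--name {t['Name']} {flag}")
    return cmds


def audit_live(regions: List[str]) -> Dict[str, object]:
    """Run the audit against the caller's account (assumes boto3 and credentials).
    describe-trails returns only the trails of the region it is called in plus
    shadow copies of multi-region trails, so it is called once per region and
    the results merged; the ARN dedupe above drops the shadow copies."""
    import boto3  # local import so the offline functions need no SDK
    merged = {"trailList": []}
    for region in regions:
        client = boto3.client("cloudtrail", region_name=region)
        merged["trailList"].extend(client.describe_trails()["trailList"])
    return audit_trails(merged)


if __name__ == "__main__":
    print(json.dumps(audit_trails(SAMPLE_DESCRIBE_TRAILS), indent=2))
    print("\n".join(remediation_commands(SAMPLE_DESCRIBE_TRAILS)))
```

Run the printed commands with an identity allowed to call cloudtrail:UpdateTrail; each command targets the trail's home region because UpdateTrail rejects calls made from any other region. Re-run the audit afterwards and confirm that exactly one trail is listed under global_enabled and that duplicates is empty.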
References
- AWS Documentation
- AWS CloudTrail FAQs
- CloudTrail Concepts
- Logging IAM Events with AWS CloudTrail
- AWS Regions and Endpoints
- Creating and Updating Your Trail
- Creating and Updating a Trail with the AWS CLI
- AWS Command Line Interface (CLI) Documentation
- describe-trails
- update-trail
Rule: CloudTrail Global Services Enabled
Risk level: High