CloudTrail logs validation is not enabled

  • GG_ID: GG_IAC_0028
  • Severity: HIGH
  • Complexity: LOW
  • Categories: PERMISSION
  • Providers: AWS
  • Potential data exposure: False
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

CloudTrail logs record every action taken by a user, role or AWS service in the account as events. Log file integrity validation should be enabled so that an attacker cannot tamper with the logs after CloudTrail has delivered them without the change being detectable. With validation enabled, you can verify that the CloudTrail log files were not modified.

Impact

An attacker could tamper with the CloudTrail logs and remove traces of their activity without detection.

Remediation guidelines

Enable log file integrity validation for CloudTrail.
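As an added example (not from this page or the Terraform AWS provider docs), a Terraform `aws_cloudtrail` resource in the state this check flags, beside the corrected form; the `trail_logs` bucket and the trail names are assumed, and the bucket is assumed to already carry a CloudTrail delivery policy.

```hcl
# Weak: enable_log_file_validation is omitted, so the provider default (false)
# applies and no signed digest files are delivered. Shown only for contrast.
resource "aws_cloudtrail" "audit_weak" {
  name                  = "org-audit-trail-weak"      # assumed name
  s3_bucket_name        = aws_s3_bucket.trail_logs.id # assumed bucket
  is_multi_region_trail = true
}

# Corrected: CloudTrail delivers an hourly digest file, signed by AWS,
# that covers the log files written in that hour. Modified or deleted
# log files then fail validation instead of going unnoticed.
resource "aws_cloudtrail" "audit" {
  name                       = "org-audit-trail"           # assumed name
  s3_bucket_name             = aws_s3_bucket.trail_logs.id # assumed bucket
  is_multi_region_trail      = true
  enable_log_file_validation = true
}

# To check delivered logs against the digests after applying, run for example:
#   aws cloudtrail validate-logs --trail-arn <trail ARN> --start-time <ISO-8601 time>
```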

External documentation