How to resolve Sprinto check for enabling AWS CloudTrail

About

Sprinto check: AWS CloudTrail should be enabled

The above check reminds you to enable the AWS CloudTrail service on the AWS account you have integrated with Sprinto.

AWS CloudTrail is a comprehensive service offered by Amazon Web Services (AWS) designed for AWS account governance, compliance, and security auditing. By recording API calls on an AWS account, CloudTrail provides valuable insights into user activity, resource modifications, and other critical events across the AWS infrastructure. With features like event history, trails, and seamless integration with AWS services, CloudTrail offers organizations the means to enhance security, achieve compliance, and gain operational visibility in their cloud environment.

Note: At this time, our platform does not support AWS CloudWatch Composite Alarms or Math-Based Alarms. This means you cannot create alarms that:

  • Combine multiple alarms using logical conditions (e.g., ALARM1 AND ALARM2)

  • Use metric math expressions (e.g., calculating averages or deltas across metrics)

Purpose

A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs.

If you have created an organization in AWS Organizations, you can also create a trail that logs all events for all AWS accounts in that organization. Creating an organization trail helps you define a uniform event-logging strategy for your organization.

How to resolve

Take the following steps to enable the AWS CloudTrail service on your AWS account.

Before you begin

  • Ensure you have “Admin” access on the AWS account for which you want to enable the service.

  • Log in on Sprinto as administrator.

Enabling AWS CloudTrail

  • Log in to your AWS account using your credentials.

  • From AWS Console, open the AWS CloudTrail service.

  • If you are creating a trail for the first time, you will see a Get Started or Create a trail button, depending on the interface.

  • Enter a Trail name, then click Create trail. Note: By default, the trail you create is scoped to all of your AWS services. You can narrow the trail scope to specific AWS services later if required.

  • From the Choose log events page, select the following event types:
    - Management events
    - Data events
    - Insights events
    - Network activity events

  • Review the selected options, then click Create trail.
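As an added illustration that is not part of Sprinto's documentation, the following Python snippet evaluates the same condition offline against constructed sample output shaped like `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status`. The pass criteria used here (at least one multi-Region trail that is actively logging) are an assumption about what the check requires, not Sprinto's published logic.

```python
import json

# Constructed sample, in the shape of `aws cloudtrail describe-trails` output.
# Trail names and bucket names are hypothetical, not taken from any real account.
DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "single-region-trail", "S3BucketName": "example-logs",
   "IsMultiRegionTrail": false, "HomeRegion": "us-east-1",
   "IncludeGlobalServiceEvents": false, "IsOrganizationTrail": false},
  {"Name": "org-trail", "S3BucketName": "example-org-logs",
   "IsMultiRegionTrail": true, "HomeRegion": "us-east-1",
   "IncludeGlobalServiceEvents": true, "IsOrganizationTrail": true}
]}""")

# Constructed sample, in the shape of `aws cloudtrail get-trail-status`,
# keyed by trail name. The single-Region trail has had logging stopped.
TRAIL_STATUS = {
    "single-region-trail": {"IsLogging": False},
    "org-trail": {"IsLogging": True},
}


def trail_satisfies_check(trail, status):
    """Assumed pass condition for one trail: it covers all Regions and is
    currently delivering logs (a trail that exists but is stopped does not count)."""
    return bool(trail.get("IsMultiRegionTrail")) and bool(status.get("IsLogging"))


def evaluate_cloudtrail_check(describe_output, status_by_name):
    """Return (passed, findings): the account passes when any trail satisfies
    the check; every trail gets a PASS/FAIL line with the reasons it failed."""
    findings = []
    passed = False
    trails = describe_output.get("trailList", [])
    if not trails:
        return False, ["FAIL: no trails exist in this account"]
    for trail in trails:
        name = trail["Name"]
        status = status_by_name.get(name, {})
        if trail_satisfies_check(trail, status):
            passed = True
            findings.append(f"PASS {name}: multi-Region trail is logging")
            continue
        reasons = []
        if not trail.get("IsMultiRegionTrail"):
            reasons.append("single Region only")
        if not status.get("IsLogging"):
            reasons.append("logging stopped")
        findings.append(f"FAIL {name}: " + ", ".join(reasons))
    return passed, findings


if __name__ == "__main__":
    ok, lines = evaluate_cloudtrail_check(DESCRIBE_TRAILS, TRAIL_STATUS)
    print("CloudTrail check:", "PASS" if ok else "FAIL")
    print("\n".join(lines))
```

Against real output, pipe the two CLI commands into the same functions; a trail that is disabled later still shows up in `describe-trails`, so the `IsLogging` status is what catches a silently stopped trail.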

Support

Please get in touch with our support team if you have any queries or need any assistance.