AWS CloudTrail

CloudTrail Incorrect S3 Bucket Configuration

This plugin ensures that AWS CloudTrail uses the specified Amazon S3 bucket for the trail.

Risk Level: High

Description:

This plugin ensures that AWS CloudTrail uses the specified Amazon S3 bucket for the trail. To meet regulatory compliance standards within your organization, make sure each CloudTrail trail is configured to use the appropriate S3 bucket.

Recommended Action: Modify CloudTrail trails to use the designated S3 bucket.

Configuration Parameters

Trail S3 Bucket Name: This parameter specifies the designated Amazon S3 bucket name that the CloudTrail trail should use. An alert is generated when a CloudTrail trail uses a non-designated S3 bucket.

By default, the value of this parameter is set to null.

About the Service:

AWS CloudTrail is an AWS service that helps you with governance, compliance, and operational and risk auditing of your AWS account. In CloudTrail, actions taken by a user, role, or AWS service are recorded as events. Actions made in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs are all considered events.

Impact:

If the wrong S3 bucket is configured for the trail, all the data that the trail would store would be lost, because it is delivered to the wrong bucket.

Steps to reproduce:

  1. Sign in to your AWS Management Console.
  2. Navigate to the CloudTrail dashboard at: https://console.aws.amazon.com/cloudtrail/
  3. On the left panel, select Trails.
  4. Locate the trail you want to examine.
  5. Next to the trail name, check whether the S3 bucket name shown is the one you want to configure for the trail.
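
The same check can be run across every trail from the DescribeTrails API output instead of the console. This is an added example, not the plugin's own code; the trail names, bucket names, account ID and sample response are constructed, and reporting UNKNOWN when the parameter is left at its null default is an assumption.

```python
# Added example (not the plugin's code): compare each trail's bucket with the designated one.
# Constructed sample in the shape of a CloudTrail DescribeTrails response.
SAMPLE_RESPONSE = {"trailList": [
    {"Name": "org-audit", "S3BucketName": "corp-cloudtrail-logs",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit"},
    # Shadow copy of the same multi-region trail, as another region reports it.
    {"Name": "org-audit", "S3BucketName": "corp-cloudtrail-logs",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit"},
    {"Name": "dev-trail", "S3BucketName": "dev-scratch-bucket",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/dev-trail"},
]}


def audit_trails(trails, designated_bucket):
    """Return (status, findings) for a list of DescribeTrails trail records."""
    if not designated_bucket or not designated_bucket.strip():
        # Assumption: with the parameter left at its null default there is
        # nothing to compare against, so the check reports UNKNOWN.
        return "UNKNOWN", []
    wanted = designated_bucket.strip()
    findings, seen = [], set()
    for trail in trails:
        key = trail.get("TrailARN") or trail.get("Name")
        if key in seen:  # multi-region trails show up once per queried region
            continue
        seen.add(key)
        bucket = trail.get("S3BucketName")
        if bucket != wanted:
            findings.append({"trail": trail.get("Name"),
                             "home_region": trail.get("HomeRegion"),
                             "bucket": bucket})
    return ("FAIL" if findings else "PASS"), findings


def fetch_trails(region="us-east-1"):
    """Live lookup; needs boto3 and permission for cloudtrail:DescribeTrails."""
    import boto3  # imported lazily so the audit logic runs offline
    client = boto3.client("cloudtrail", region_name=region)
    return client.describe_trails(includeShadowTrails=True)["trailList"]


if __name__ == "__main__":
    status, findings = audit_trails(SAMPLE_RESPONSE["trailList"], "corp-cloudtrail-logs")
    print(status)
    for f in findings:
        print(f"{f['trail']} ({f['home_region']}) delivers to {f['bucket']}")
```

To audit a live account, pass the result of fetch_trails() to audit_trails() in place of the sample list.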



Steps for remediation:

  1. Sign in to your AWS Management Console.
  2. Navigate to the CloudTrail dashboard at: https://console.aws.amazon.com/cloudtrail/
  3. On the left panel, select Trails.
  4. Locate the trail you want to examine and click on it.
  5. On the General Detail panel, click on Edit.
  6. In the Trail Log Bucket Name, click on Browse, and select the correct S3 bucket that you want to configure for the selected trail.



