Skip to content

cloudtrail

Checks

  • enable-all-regions Cloudtrail should be enabled in all regions regardless of where your AWS resources are generally homed

  • enable-at-rest-encryption Cloudtrail should be encrypted at rest to secure access to sensitive trail data

  • enable-log-validation Cloudtrail log validation should be enabled to prevent tampering of log data