cloudtrail
Checks
-
enable-all-regions Cloudtrail should be enabled in all regions regardless of where your AWS resources are generally homed
-
enable-at-rest-encryption Cloudtrail should be encrypted at rest to secure access to sensitive trail data
-
enable-log-validation Cloudtrail log validation should be enabled to prevent tampering of log data