AWS-010 Amazon Web Services (AWS)

CloudTrail is enabled in ALL regions with a multi-region trail.

Domain: Amazon Web Services (AWS)
Area: Logging
Automated / manual: Automated

Risk if it fails

No log = no detection and no forensics.

Without an audit trail an intruder operates invisibly — you cannot see what they did, what they took, or even that a breach happened.

How Tess tests it

1 test — each concludes only on cited evidence.

CloudTrail is enabled in ALL regions with a multi-region trail.

Automated
Procedure
List trails and confirm that at least one has IsMultiRegionTrail=true and is logging.

Read-only command

aws cloudtrail describe-trails --query 'trailList[].{Name:Name,Multi:IsMultiRegionTrail}'
aws cloudtrail get-trail-status --name <trail>
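
The pass/fail decision over the output of the two commands above, as an added example (not Tess's own code). It assumes the Name/Multi shape produced by the describe-trails query and the IsLogging field of get-trail-status; the trail names and sample values are constructed.

```python
import json

# Constructed sample: output of the page's describe-trails query
# (a list of {Name, Multi}); the trail names are hypothetical.
DESCRIBE_TRAILS = json.loads("""
[
  {"Name": "org-audit", "Multi": true},
  {"Name": "legacy-us-east-1", "Multi": false}
]
""")

# Constructed sample: get-trail-status output per trail, keyed by name.
TRAIL_STATUS = {
    "org-audit": {"IsLogging": True, "LatestDeliveryError": ""},
    "legacy-us-east-1": {"IsLogging": True},
}


def evaluate_aws_010(trails, status_by_name):
    """Pass only if some trail is multi-region AND currently logging."""
    findings = []
    passed = False
    for trail in trails:
        name = trail.get("Name")
        if not trail.get("Multi"):
            findings.append(f"{name}: single-region trail, does not count")
            continue
        status = status_by_name.get(name)
        if status is None:
            findings.append(f"{name}: multi-region, but no status evidence")
        elif not status.get("IsLogging"):
            findings.append(f"{name}: multi-region, but logging is stopped")
        else:
            passed = True
            note = f"{name}: multi-region and logging"
            if status.get("LatestDeliveryError"):
                note += f" (delivery error: {status['LatestDeliveryError']})"
            findings.append(note)
    if not trails:
        findings.append("no trails defined")
    return passed, findings


if __name__ == "__main__":
    ok, notes = evaluate_aws_010(DESCRIBE_TRAILS, TRAIL_STATUS)
    print("PASS" if ok else "FAIL")
    for line in notes:
        print(" -", line)
```

A multi-region trail whose logging has been stopped fails the check, as does an account with only single-region trails, even if those are logging.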
