CloudTrail

Caligo provides the following security rules for AWS CloudTrail:

  • CloudTrail trails' S3 logging buckets should have access logging enabled

  • S3 buckets with CloudTrail logs should not be publicly accessible

  • CloudTrail trails should be delivered to CloudWatch

  • Each account should have CloudTrail enabled across all regions

  • CloudTrail trails should have log file validation enabled

  • S3 bucket object-level read events logging should be enabled in CloudTrail

  • S3 bucket object-level write events logging should be enabled in CloudTrail

  • CloudTrail trails should have encryption at rest enabled
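The checks behind these rules can be expressed over the trail description and event selectors that `describe_trails` and `get_event_selectors` return; the example below is an added illustration, not Caligo's own code, and the S3 bucket facts (`LoggingEnabled`, `BlockPublicAccess`) are a constructed, simplified shape rather than real API output.

```python
"""Evaluate one CloudTrail trail against the CloudTrail rules listed above.

Trail and selector dicts mirror the boto3 describe_trails()/get_event_selectors()
field names; the bucket dict is an assumption that stands in for S3 logging and
public-access lookups."""
from typing import Dict, List


def object_level_events(selectors: List[dict]) -> set:
    """Return which S3 object-level event kinds ({'read', 'write'}) a trail records."""
    kinds = set()
    for sel in selectors:
        for res in sel.get("DataResources", []):
            if res.get("Type") != "AWS::S3::Object":
                continue
            rw = sel.get("ReadWriteType", "All")  # All | ReadOnly | WriteOnly
            if rw in ("All", "ReadOnly"):
                kinds.add("read")
            if rw in ("All", "WriteOnly"):
                kinds.add("write")
    return kinds


def check_trail(trail: dict, selectors: List[dict], bucket: dict) -> Dict[str, bool]:
    """Map each rule to True (compliant) or False (finding) for a single trail."""
    events = object_level_events(selectors)
    return {
        "log_bucket_access_logging": bool(bucket.get("LoggingEnabled")),
        "log_bucket_not_public": bool(bucket.get("BlockPublicAccess")),
        "delivered_to_cloudwatch": bool(trail.get("CloudWatchLogsLogGroupArn")),
        "multi_region": bool(trail.get("IsMultiRegionTrail")),
        "log_file_validation": bool(trail.get("LogFileValidationEnabled")),
        "s3_object_read_events": "read" in events,
        "s3_object_write_events": "write" in events,
        "encrypted_at_rest": bool(trail.get("KmsKeyId")),
    }


# Constructed sample: multi-region, validated, write-only data events, no CloudWatch, no KMS.
SAMPLE_TRAIL = {"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs",
                "IsMultiRegionTrail": True, "LogFileValidationEnabled": True}
SAMPLE_SELECTORS = [{"ReadWriteType": "WriteOnly",
                     "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]}]}]
SAMPLE_BUCKET = {"LoggingEnabled": True, "BlockPublicAccess": True}


def findings(trail=SAMPLE_TRAIL, selectors=SAMPLE_SELECTORS, bucket=SAMPLE_BUCKET) -> List[str]:
    """Return the sorted names of the rules the trail fails."""
    return sorted(rule for rule, ok in check_trail(trail, selectors, bucket).items() if not ok)


if __name__ == "__main__":
    print(findings())
```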
