My Saved Presets
You must be logged in to view saved presets

Loading Library ...

CloudTrail

Configuration to enable AWS CloudTrail in an AWS account. CloudTrail provides event history of an AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

Configuration templates also include the following:

  • Create a new S3 bucket (default) to store CloudTrail logs or enter the name of an existing S3 bucket.
  • Create a CloudWatch Log Group to store CloudTrail logs, and the IAM Role required for this (Or specify an existing CloudWatch log group and IAM role). 
  • Include Data Events for Lambda, DynamoDB, and/or S3 to record data plane operations
  • Additional CloudTrail settings:
    • Log File Validation
    • Log Encryption with KMS
  • Organization Trail: Creates this trail for the whole AWS Organization. When this option is enabled, the configuration should be deployed in the Orgaizations' management account

Trail

AWS::CloudTrail::Trail
AdvancedEventSelectors

EventSelectors
DataResources

Values

ExcludeManagementEventSources

InsightSelectors

Tags

Bucket

AWS::S3::Bucket
AccelerateConfiguration

AnalyticsConfigurations
BucketEncryption
ServerSideEncryptionConfiguration

CorsConfiguration
CorsRules
IntelligentTieringConfigurations
InventoryConfigurations
LifecycleConfiguration
Rules
LoggingConfiguration

MetricsConfigurations
NotificationConfiguration
EventBridgeConfiguration
LambdaConfigurations
QueueConfigurations
TopicConfigurations
ObjectLockConfiguration

Rule
DefaultRetention

OwnershipControls
Rules
PublicAccessBlockConfiguration
ReplicationConfiguration

Rules
Tags
VersioningConfiguration

WebsiteConfiguration

RedirectAllRequestsTo

RoutingRules

BucketPolicy

AWS::S3::BucketPolicy

CloudFormation Template

© 2024 asecurecloud. All rights reserved.