Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail

MEDIUM

Description

CloudTrail can be configured to send notifications to alert administrators about log delivery. When logs are delivered from CloudTrail to an S3 bucket, a predefined Simple Notification Service (SNS) topic can send a notification. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html

Remediation

AWS CloudTrail log file delivery notifications via an SNS topic can be configured through the API, the CLI, or the Console UI. Active accounts may generate a large number of notifications, in which case an SQS configuration may also be warranted. In addition, there are security implications: the topic's access policy should ensure that this communication is protected and not accessible to the public. For remediation steps, see the AWS Documentation.

References:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-permissions-for-sns-notifications.html
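The following is an added example, not part of this policy page or of any AWS tooling: an offline audit that applies both points of the remediation above to sample data. It checks that each trail (in the JSON shape returned by describe-trails) carries an SnsTopicARN, and that the referenced topic's access policy (the Policy attribute from get-topic-attributes) contains no unconditioned Allow to a wildcard principal. The account id, trail names, topic name and both policy documents are constructed for illustration.

```python
"""Offline audit for AC_AWS_0035: each CloudTrail trail should have an SNS topic for
log file delivery notifications, and that topic's access policy should not be public.
Input is the JSON shape of `aws cloudtrail describe-trails` and the `Policy` attribute
of `aws sns get-topic-attributes`; no AWS calls are made."""
import json

ACCOUNT = "123456789012"  # constructed sample account id
TOPIC_ARN = f"arn:aws:sns:us-east-1:{ACCOUNT}:cloudtrail-delivery"  # assumed topic name
TRAIL_ARN = f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/notify-trail"  # assumed trail

# Constructed sample trails in describe-trails shape: one without SNS, one with it.
TRAILS = [
    {"Name": "no-notify-trail", "S3BucketName": "example-trail-logs",
     "TrailARN": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/no-notify-trail"},
    {"Name": "notify-trail", "S3BucketName": "example-trail-logs",
     "TrailARN": TRAIL_ARN, "SnsTopicARN": TOPIC_ARN},
]

# Weak topic policy (constructed): anyone may publish to or subscribe to the topic.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OpenToEveryone", "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": TOPIC_ARN,
    }],
})

# Corrected topic policy (constructed): only the CloudTrail service may publish, and
# only when acting for this trail, which also closes the confused-deputy case.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudTrailPublish", "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": TOPIC_ARN,
        "Condition": {"StringEquals": {"aws:SourceArn": TRAIL_ARN}},
    }],
})


def trail_has_sns(trail):
    """True when the trail is configured to notify on log file delivery."""
    return bool(trail.get("SnsTopicARN"))


def statement_is_public(stmt):
    """An Allow to Principal '*' (or AWS: '*') with no Condition is reachable by anyone.
    A wildcard principal *with* a Condition (e.g. AWS:SourceOwner, as in the default
    SNS topic policy) is scoped to the account and is not flagged here."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    wildcard = principal == "*" or (
        isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
    return wildcard and not stmt.get("Condition")


def topic_policy_is_public(policy_json):
    """Parse a topic access policy and report any unconditioned public Allow."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    return any(statement_is_public(s) for s in statements)


def evaluate_trail(trail, topic_policies):
    """Return a list of findings for one trail; an empty list means compliant."""
    name = trail["Name"]
    if not trail_has_sns(trail):
        return [f"{name}: no SNS topic configured for log file delivery notifications"]
    arn = trail["SnsTopicARN"]
    policy = topic_policies.get(arn)
    if policy is None:
        return [f"{name}: topic {arn} not found; cannot verify its access policy"]
    if topic_policy_is_public(policy):
        return [f"{name}: topic {arn} allows Principal '*' without a Condition"]
    return []


def audit(trails, topic_policies):
    """Map each trail name to its findings."""
    return {t["Name"]: evaluate_trail(t, topic_policies) for t in trails}


if __name__ == "__main__":
    for name, findings in audit(TRAILS, {TOPIC_ARN: WEAK_POLICY}).items():
        print(name, "->", findings or ["compliant"])
```

To run this against a real account, feed it the output of `aws cloudtrail describe-trails` and, for each SnsTopicARN found, the Policy attribute from `aws sns get-topic-attributes`; the trail without a topic fails the rule outright, and a trail whose topic policy opens the topic to a wildcard principal without a condition fails the protection caveat from the remediation text.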

Policy Details

Rule Reference ID: AC_AWS_0035
CSP: AWS
Remediation Available: Yes
Resource: aws_cloudtrail
Resource Category: Logging and Monitoring
Resource Type: CloudTrail

Frameworks