Enable All Regions
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | cloudtrail |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The CloudTrail trail only records activity in its home region, leaving every other region unmonitored. This partial logging occurs because the `is_multi_region_trail` argument of the `aws_cloudtrail` resource is not set in Terraform, where it defaults to `false`; the AWS Console, by contrast, creates multi-region trails by default.
Impact
Malicious or unauthorized activity in unmonitored AWS regions could go undetected, allowing attackers to perform actions without audit trails. This weakens incident detection and response, increasing the risk of unnoticed breaches or compliance failures.
Resolution
Enable CloudTrail in all regions by setting `is_multi_region_trail = true` on the `aws_cloudtrail` resource.
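The following Terraform snippet is an added illustration, not part of the original rule page, showing the single-region trail the rule flags next to a compliant multi-region trail. The bucket name and trail name are placeholders, and the S3 bucket policy that lets CloudTrail write to the bucket is assumed to be managed elsewhere.

```hcl
# Log destination; the bucket policy granting cloudtrail.amazonaws.com
# write access is assumed to exist and is not shown here.
resource "aws_s3_bucket" "trail_logs" {
  bucket = "example-trail-logs" # placeholder name
}

# Flagged by this rule: is_multi_region_trail is omitted, so it defaults
# to false and only API activity in the trail's home region is recorded.
resource "aws_cloudtrail" "single_region" {
  name           = "example-trail"
  s3_bucket_name = aws_s3_bucket.trail_logs.id
}

# Compliant: one trail that records management events from every region
# (including regions enabled later) and from global services such as IAM.
resource "aws_cloudtrail" "all_regions" {
  name                          = "example-trail"
  s3_bucket_name                = aws_s3_bucket.trail_logs.id
  is_multi_region_trail         = true
  include_global_service_events = true
  enable_log_file_validation    = true
}
```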