CloudTrail logs should be stored in S3 and also sent to CloudWatch Logs
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | cloudtrail |
| Provider | AWS |
Description
CloudTrail is configured to store logs only in S3 and does not send them to CloudWatch Logs, preventing real-time monitoring and analysis of AWS API activity. This limits the ability to detect and respond quickly to suspicious actions.
Impact
Without integration with CloudWatch Logs, security teams cannot perform real-time alerting or automated responses to critical AWS events. This delay in detection increases the risk of unnoticed unauthorized activities or misconfigurations, potentially leading to security breaches or data loss.
Resolution
Enable delivery of CloudTrail logs to CloudWatch Logs.
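One way to audit for this condition, as an added example that is not part of the original page or of the scanner it documents: the function below inspects saved `aws cloudtrail describe-trails` output and, optionally, `get-trail-status` results, and goes slightly beyond the rule by also flagging trails that are configured but whose delivery is failing. The field names are those of the CloudTrail API responses; the trail names, ARNs, account ID and error text are constructed sample data.

```python
# Constructed sample shaped like `aws cloudtrail describe-trails` output.
# Account ID, trail names and ARNs are placeholders, not real resources.
TRAIL = "arn:aws:cloudtrail:us-east-1:111122223333:trail/"
GROUP = "arn:aws:logs:us-east-1:111122223333:log-group:example-trail:*"
SAMPLE_TRAILS = {"trailList": [
    {"Name": "s3-only", "TrailARN": TRAIL + "s3-only",
     "S3BucketName": "example-logs"},
    # Same trail again, as happens when output from several regions is merged.
    {"Name": "s3-only", "TrailARN": TRAIL + "s3-only",
     "S3BucketName": "example-logs"},
    {"Name": "broken-delivery", "TrailARN": TRAIL + "broken-delivery",
     "S3BucketName": "example-logs", "CloudWatchLogsLogGroupArn": GROUP},
    {"Name": "compliant", "TrailARN": TRAIL + "compliant",
     "S3BucketName": "example-logs", "CloudWatchLogsLogGroupArn": GROUP},
]}

# Constructed `get-trail-status` results keyed by trail ARN (error text invented).
SAMPLE_STATUS = {
    TRAIL + "broken-delivery": {"LatestCloudWatchLogsDeliveryError": "AccessDenied"},
    TRAIL + "compliant": {},
}


def audit_trails(trails, statuses=None):
    """Return (trail name, reason) for trails not delivering to CloudWatch Logs."""
    statuses = statuses or {}
    findings, seen = [], set()
    for trail in trails.get("trailList", []):
        arn = trail["TrailARN"]
        if arn in seen:  # report each trail once
            continue
        seen.add(arn)
        # A missing key and an empty string both mean "not configured".
        if not trail.get("CloudWatchLogsLogGroupArn"):
            findings.append((trail["Name"], "no CloudWatch Logs log group configured"))
            continue
        # Configured, but the last delivery attempt reported an error.
        error = statuses.get(arn, {}).get("LatestCloudWatchLogsDeliveryError")
        if error:
            findings.append((trail["Name"], f"CloudWatch Logs delivery failing: {error}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_trails(SAMPLE_TRAILS, SAMPLE_STATUS):
        print(f"FAIL {name}: {reason}")
```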