AWS CloudTrail
Overview
The AWS CloudTrail integration, regscale aws sync_cloudtrail, assesses audit and accountability controls (AU-2, AU-3, AU-6, AU-9, AU-11, AU-12) and system monitoring (SI-4).
Command Syntax
regscale aws sync_cloudtrail [OPTIONS]
Basic Usage
# Sync all CloudTrail trails with evidence
regscale aws sync_cloudtrail --regscale-id 123 --create-evidence

# Filter by trail name
regscale aws sync_cloudtrail \
  --regscale-id 123 \
  --trail-name-filter org-trail \
  --create-evidence \
  --evidence-control-ids AU-2,AU-3,AU-9

# Filter by tags
regscale aws sync_cloudtrail \
  --regscale-id 123 \
  --tags Compliance=Required \
  --create-evidence
NIST 800-53 Controls Assessed
- AU-2: Audit Events
- AU-3: Content of Audit Records
- AU-6: Audit Record Review, Analysis, and Reporting
- AU-9: Protection of Audit Information
- AU-11: Audit Record Retention
- AU-12: Audit Record Generation
- SI-4: System Monitoring
What Gets Created in RegScale
- Control Assessments: AU family controls
- Evidence: Trail configs, multi-region status, log validation, CloudWatch integration
- Issues: No log validation, not multi-region, no CloudWatch Logs
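The three issue conditions listed above can be checked directly against trail configuration. The following is an added example, not RegScale's code: it evaluates a constructed sample shaped like `aws cloudtrail describe-trails` output, and the mapping from each gap to control IDs is an assumption, since the page does not state which issue maps to which control.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# Field names are real DescribeTrails response keys; the values are made up.
SAMPLE = json.loads("""
{"trailList": [
  {"Name": "org-trail", "IsMultiRegionTrail": true,
   "LogFileValidationEnabled": true,
   "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:ct:*"},
  {"Name": "legacy-trail", "IsMultiRegionTrail": false,
   "LogFileValidationEnabled": false}
]}
""")

# Assumed mapping from each gap to the controls it most directly affects;
# the page lists the gaps and the controls but not which maps to which.
CHECKS = [
    ("No log validation", ("AU-9",),
     lambda t: bool(t.get("LogFileValidationEnabled"))),
    ("Not multi-region", ("AU-2", "AU-12"),
     lambda t: bool(t.get("IsMultiRegionTrail"))),
    ("No CloudWatch Logs", ("AU-6", "SI-4"),
     lambda t: bool(t.get("CloudWatchLogsLogGroupArn"))),
]


def find_gaps(describe_trails):
    """Return one finding dict per failed check per trail."""
    findings = []
    for trail in describe_trails.get("trailList", []):
        for title, controls, passes in CHECKS:
            if not passes(trail):  # a missing key counts as a failure
                findings.append({"trail": trail.get("Name", "<unnamed>"),
                                 "issue": title, "controls": controls})
    return findings


def failing_controls(findings):
    """Collapse findings into the sorted list of affected control IDs."""
    return sorted({c for f in findings for c in f["controls"]})


if __name__ == "__main__":
    gaps = find_gaps(SAMPLE)
    for g in gaps:
        print(f'{g["trail"]}: {g["issue"]} -> {", ".join(g["controls"])}')
    print("Controls with gaps:", failing_controls(gaps))
```

An empty trail list produces no findings here, so an account with no trails at all needs a separate check.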
Common Use Cases
# FedRAMP audit logging assessment
regscale aws sync_cloudtrail \
  --regscale-id 123 \
  --create-evidence \
  --evidence-control-ids AU-2,AU-3,AU-6,AU-9,AU-11,AU-12 \
  --tags ATO=FedRAMP \
  --create-issues \
  --create-poams
