CloudTrail global services is disabled
Incident Management is now generally available! Incident Management is now generally available!
<  Back to rules search

CloudTrail global services is disabled

cloudtrail

Classification:

compliance

Set up the cloudtrail integration.

Overview

Description

Ensure that an AWS CloudTrail trail has global service events enabled.

Rationale

Easily troubleshoot security issues for global services that aren’t region-specific.

Remediation

Console

By default, trail logs created in the CloudTrail console log global service events. For more information, see the About global service events docs.

CLI

  1. Run aws cloudtrail describe-trails

  2. Run update-trail on any returned trail name above to include-global-service-events.

    update-trail.sh

        aws cloudtrail update-trail
            --name GlobalTrailName
            --include-global-service-events