CloudTrail log file validation should be enabled¶
It is recommended that file validation be enabled on all CloudTrail logs because it provides additional integrity checking of the log data.
Navigate to CloudTrail.
In the left navigation, click Trails.
Click the target trail.
Within General details, click Edit.
Scroll down to Additional settings, and enable Log file validation.
Click Save changes.
Get a list of all CloudTrail trails and view their configuration:
aws cloudtrail describe-trails
Update any trail that has “LogFileVaidationEnabled” set to false:
aws cloudtrail update-trail --name <trail_name> --enable-log-file-validation