CloudTrail should have at least one CloudTrail trail set to a multi-region trail

Description

As a best practice, AWS recommends creating a trail that applies to all regions in the AWS partition in which you are working. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

Console Remediation Steps

  • Navigate to CloudTrail.

  • In the left pane, select Trails.

  • Select the noncompliant trail.

  • Click the pencil icon next to Apply trail to all regions, and then choose Yes.

  • Click Save.

CLI Remediation Steps

  • To change a single-region trail to apply to all regions, replace MYTRAILNAME with your own trail name:

    • aws cloudtrail update-trail --name MYTRAILNAME --is-multi-region-trail
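To find which trails need the change before running the command above, the following added example (not part of the original rule text) evaluates the JSON that `aws cloudtrail describe-trails` returns for each region. The function name `audit_trails` and all sample trails, regions and the account ID are constructed for illustration.

```python
import shlex

# Constructed sample data: per-region output of `aws cloudtrail describe-trails`.
# The account ID, trail names and regions are made up for illustration.
APP = {"Name": "app-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
       "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/app-trail"}
AUDIT = {"Name": "audit-all", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": True,
         "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/audit-all"}
SAMPLE = {
    "us-east-1": {"trailList": [APP, AUDIT]},  # AUDIT is listed here as a shadow trail
    "eu-west-1": {"trailList": [AUDIT]},
}


def audit_trails(outputs_by_region):
    """Return (compliant, multi_region_arns, remediation_commands).

    compliant is True when at least one trail has IsMultiRegionTrail set.
    """
    trails = {}
    for output in outputs_by_region.values():
        for trail in output.get("trailList", []):
            # A multi-region trail is reported in every region's listing,
            # so key on the ARN to count each trail exactly once.
            trails[trail["TrailARN"]] = trail

    multi = sorted(arn for arn, t in trails.items() if t.get("IsMultiRegionTrail"))

    # update-trail has to be issued in the trail's home region, so the
    # generated command pins --region to HomeRegion.
    fixes = [
        "aws cloudtrail update-trail --name {} --is-multi-region-trail --region {}".format(
            shlex.quote(t["Name"]), shlex.quote(t["HomeRegion"]))
        for _, t in sorted(trails.items())
        if not t.get("IsMultiRegionTrail")
    ]
    return bool(multi), multi, fixes


if __name__ == "__main__":
    ok, multi, fixes = audit_trails(SAMPLE)
    print("COMPLIANT" if ok else "NONCOMPLIANT", multi)
    for cmd in fixes:
        print("single-region trail, to convert:", cmd)
```

The rule passes as soon as one trail is multi-region; the listed commands are candidates for conversion, not all required.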