Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of unencrypted CloudTrail logs in AWS, follow these steps:
- Login to the AWS Management Console.
- Navigate to the CloudTrail service page.
- Select the trail that you want to modify, and click the “Edit” button.
- In the “Advanced” section, enable the “Enable log file encryption” option.
- Choose the AWS KMS key that you want to use for encryption.
- Click the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration of unencrypted AWS CloudTrail logs using the AWS CLI, follow these steps:
- Open the AWS CLI on your local machine and run the following command to enable CloudTrail log encryption. Replace <trail_name> with the name of the CloudTrail trail that you want to encrypt, and <kms_key_id> with the ID of the KMS key that you want to use for encryption.
- Verify that CloudTrail log encryption is enabled by running the following command. Replace <trail_name> with the name of the CloudTrail trail that you want to verify.
- Check the AWS CloudTrail console to ensure that the CloudTrail logs are being encrypted.
Using Python
To remediate the misconfiguration of unencrypted CloudTrail logs in AWS using Python, you can follow these steps:
- First, check whether the CloudTrail logs are encrypted. For this, you can use the AWS SDK for Python (Boto3) and run the following code:
- If the CloudTrail logs are not encrypted, you need to create a KMS key and enable encryption for CloudTrail. You can use the following code to create a KMS key and enable encryption for CloudTrail:
- Once CloudTrail encryption is enabled, you can verify that the logs are encrypted by running the first code snippet again.
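The following is an added example, not code from the original page, that walks through the CLI and Python procedures above in one place: it finds trails with no KMS key in the describe_trails() output, builds a key policy that lets CloudTrail use a new key, attaches the key with update_trail (the equivalent of the CLI update-trail step), and re-reads the trail to verify. The account ID, trail names, bucket name and key ID in the sample data are placeholders; the inspection logic is a pure function over the response shape so it runs offline, and boto3 is only imported inside the functions that talk to AWS.

```python
"""Added example (not the page's own code): find CloudTrail trails whose log files
are not encrypted with a KMS key, and turn SSE-KMS encryption on.  The inspection
logic is a pure function over the describe_trails() response shape so it can be
exercised offline; boto3 is imported only inside the functions that call AWS."""
import json

# Constructed sample in the shape of boto3's cloudtrail.describe_trails()["trailList"].
# Account id, region, bucket and key id are placeholders.
SAMPLE_TRAILS = [
    {
        "Name": "management-events",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/management-events",
        "S3BucketName": "example-trail-bucket",
        "HomeRegion": "us-east-1",
        # no KmsKeyId: log files are delivered with S3-managed keys only
    },
    {
        "Name": "org-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
        "S3BucketName": "example-trail-bucket",
        "HomeRegion": "us-east-1",
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
    },
]


def unencrypted_trails(trail_list):
    """Names of trails with no KmsKeyId, i.e. log files not encrypted with SSE-KMS."""
    return [t["Name"] for t in trail_list if not t.get("KmsKeyId")]


def cloudtrail_key_policy(account_id):
    """Key policy granting the account administration of the key and CloudTrail the
    right to generate data keys with it.  CloudTrail refuses a key that lacks the
    service statement (update_trail raises InsufficientEncryptionPolicyException)."""
    trail_arn_pattern = f"arn:aws:cloudtrail:*:{account_id}:trail/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Enable IAM policies for the account",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {
                "Sid": "Allow CloudTrail to encrypt logs",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:GenerateDataKey*",
                "Resource": "*",
                "Condition": {
                    "StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn": trail_arn_pattern}
                },
            },
            {
                "Sid": "Allow CloudTrail to describe the key",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:DescribeKey",
                "Resource": "*",
            },
        ],
    }


def find_unencrypted_trails(region="us-east-1"):
    """Step 1 of the Python procedure: list trails in the region that lack a KMS key."""
    import boto3
    cloudtrail = boto3.client("cloudtrail", region_name=region)
    return unencrypted_trails(cloudtrail.describe_trails()["trailList"])


def create_cloudtrail_key(account_id, region="us-east-1"):
    """Step 2a: create a KMS key whose policy lets CloudTrail use it; returns the key ARN."""
    import boto3
    kms = boto3.client("kms", region_name=region)
    response = kms.create_key(
        Description="CloudTrail log file encryption",
        Policy=json.dumps(cloudtrail_key_policy(account_id)),
    )
    return response["KeyMetadata"]["Arn"]


def enable_trail_encryption(trail_name, kms_key_id, region="us-east-1"):
    """Step 2b/3: attach the key to the trail, then re-read the trail to confirm.
    Only log files delivered after this call are encrypted with the key; files
    already in the bucket keep whatever encryption they were written with."""
    import boto3
    cloudtrail = boto3.client("cloudtrail", region_name=region)
    cloudtrail.update_trail(Name=trail_name, KmsKeyId=kms_key_id)
    trail = cloudtrail.get_trail(Name=trail_name)["Trail"]
    return trail.get("KmsKeyId")


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; the AWS-backed functions
    # above correspond to the CLI steps (update-trail, then describe-trails/get-trail).
    print("trails without KMS encryption:", unencrypted_trails(SAMPLE_TRAILS))
```

Two points worth keeping in mind when using this: the key policy is the usual cause of a failed update_trail call, so create or update the key with the CloudTrail statement before attaching it, and enabling encryption does not re-encrypt log files already delivered, so a compliance check on the bucket should look at object encryption for files written after the change.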