Logging policies

Ensure AWS CloudTrail is enabled in all regions

Ensure AWS CloudTrail log validation is enabled in all regions

Ensure the S3 bucket used to store CloudTrail logs does not have public access

Ensure CloudTrail and CloudWatch logs are integrated

Ensure AWS Config is enabled in all regions

Ensure CloudTrail S3 bucket access logging is enabled

Ensure AWS CloudTrail logs are encrypted using CMKs

Ensure AWS CMK rotation is enabled

Ensure AWS VPC Flow logs are enabled

Ensure Amazon MQ Broker logging is enabled

Ensure container insights are enabled on ECS cluster

Ensure AWS Redshift database has audit logging enabled

Ensure CloudWatch log groups specify retention days

Ensure CloudTrail logging in All Regions is enabled

Ensure API Gateway has X-Ray tracing enabled

Ensure Global Accelerator has Flow logs enabled

Ensure API Gateway has access logging enabled

Ensure Amazon MSK cluster logging is enabled

Ensure AWS DocumentDB logging is enabled

Ensure AWS CloudFront distribution has access logging enabled

Ensure CloudWatch logs are encrypted at rest using KMS CMKs

Ensure AWS ELB (Classic) with access log is enabled

Ensure the ELB has access logging enabled

Ensure Neptune logging is enabled

Ensure AWS CloudFormation stacks are sending event notifications to an SNS topic

Ensure detailed monitoring for EC2 instances is enabled

Ensure CloudTrail trail is integrated with CloudWatch logs

Ensure enhanced monitoring for Amazon RDS instances is disabled

Ensure API Gateway stages have logging level defined appropriately