TF 0125 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
CloudTrail should be enabled in all regions regardless of where your AWS resources are generally homed
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | cloudtrail |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The CloudTrail configuration only logs activity in selected regions, leaving every other region unmonitored. This partial logging occurs because the Terraform `aws_cloudtrail` resource defaults `is_multi_region_trail` to false and the setting has not been enabled explicitly, whereas a trail created in the AWS Console records all regions by default.
Impact
Malicious or unauthorized activity in unmonitored AWS regions could go undetected, allowing attackers to perform actions without audit trails. This weakens incident detection and response, increasing the risk of unnoticed breaches or compliance failures.
Resolution
Enable CloudTrail in all regions by setting `is_multi_region_trail` to true on the trail.
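The single-region trail the finding describes next to its multi-region fix, as an added Terraform example that is not part of the original wiki page; the resource names, the trail name and the bucket reference are assumptions.

```hcl
# Finding: is_multi_region_trail is omitted, so the Terraform provider
# default (false) applies and only the provider's configured region is logged.
resource "aws_cloudtrail" "single_region" {
  name           = "example-trail"                   # assumed name
  s3_bucket_name = aws_s3_bucket.trail_logs.id       # assumed bucket resource
  # is_multi_region_trail defaults to false: activity in all other
  # regions produces no audit record.
}

# Fix: state the setting explicitly so the trail records every region,
# including regions the account has never deliberately used.
resource "aws_cloudtrail" "all_regions" {
  name                          = "example-trail"             # assumed name
  s3_bucket_name                = aws_s3_bucket.trail_logs.id # assumed bucket
  is_multi_region_trail         = true
  include_global_service_events = true  # IAM, STS and other global-service events
  enable_log_file_validation    = true  # detect tampering with delivered log files
}
```

After `terraform apply`, `aws cloudtrail describe-trails` reports `"IsMultiRegionTrail": true` for the corrected trail.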