Ensure CloudTrail is Enabled and Logging

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This is why CloudTrail is a security best practice. Having a full inventory of your CloudTrails with current logging status across all of your accounts can help with CIS, NIST, HIPPA, GDPR & PCI-DSS compliance.

Audit & Remediation



  • If you see nothing configured here, select Create trail button. If you have a trail configured, press the hyperlink to validate.
  • Fill out the Trail name, set the Storage location and ensure Log file SSE-KMS encryption is checked. Create a new AS KMS Key and set an AWS KMS alias that is easy for you to associate with your trail. Enable log file validation in enabled.



  • Select the Next button.
  • In the Events portion select the Management events and Insights events.
  • Under Management events for API activity select Read and Write.



  • Select Next.
  • Select the Create trail button.
See all certificates in a single place!

Do you want to see all of your ACM certificates in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +