Ensure Alibaba Cloud Action Trail Logging for all regions
Error: Alibaba Cloud Action Trail Logging is not enabled for all regions
Bridgecrew Policy ID: BC_ALI_LOGGING_4
Checkov Check ID: CKV_ALI_4
Severity: LOW
Description
By enabling Action Trail logging for all regions, you can track and monitor all activity in your Alibaba Cloud account, including the source IP address, the user or service that made the request, and the response status. This can help to identify potential security issues or unauthorized access, and can also be useful for auditing purposes.
Fix - Buildtime
Terraform
resource "alicloud_actiontrail_trail" "pass" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "All"
  trail_region       = "All" # apply the trail to every region, as this policy requires
}
Updated 9 months ago