Enabling CloudTrail Log File Validation
Log File Integrity Validation in AWS
Do you have CloudTrail log file integrity validation enabled? This feature informs you of any modification or deletion of CloudTrail log files. By using SHA-256 for hashing and SHA-256 with RSA for digital signing, AWS claims, “This makes it computationally infeasible to modify, delete, or forge CloudTrail log files without detection.”
Having a formal way to validate the integrity of your CloudTrail log files is extremely important for security and forensic investigations, and also for your historical records. You can enable CloudTrail log file integrity validation in the AWS Management Console, with the AWS CLI, or through the CloudTrail API.
Transcription
AWS CloudTrail Log File Validation is a digitally signed, hashed value that you can use to validate the integrity of your logs. You can know that the log has not been changed or overwritten since it was originally created. This is particularly important for forensics and for historical records and should be enabled on all of your AWS CloudTrail logs.
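To make the hashing and signing described above concrete, here is an added example (not code from this page or from AWS) of the check a validator performs against an hourly digest file: recompute SHA-256 over each log object the digest lists and flag anything missing or changed, and build the string over which AWS signs the digest itself. The log object, digest entry, account id, bucket names and the previous-digest signature are constructed placeholders.

```python
import hashlib

# Constructed sample, not real data: one CloudTrail log object as stored in S3
# (CloudTrail hashes the stored, compressed bytes; short plain JSON is used here)
# and the digest entry covering it. Account id, bucket and signature are placeholders.
LOG_KEY = "AWSLogs/123456789012/CloudTrail/us-east-1/2024/01/01/sample1.json.gz"
LOG_OBJECTS = {LOG_KEY: b'{"Records":[{"eventName":"ConsoleLogin"}]}'}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

DIGEST = {
    "digestEndTime": "2024-01-01T01:00:00Z",
    "digestS3Bucket": "example-trail-bucket",
    "digestS3Object": "AWSLogs/123456789012/CloudTrail-Digest/us-east-1/digest-2.json.gz",
    "previousDigestS3Object": "AWSLogs/123456789012/CloudTrail-Digest/us-east-1/digest-1.json.gz",
    "previousDigestSignature": "PLACEHOLDER_HEX_RSA_SIGNATURE",
    "logFiles": [{"s3Object": LOG_KEY, "hashAlgorithm": "SHA-256",
                  "hashValue": sha256_hex(LOG_OBJECTS[LOG_KEY])}],
}

def verify_log_hashes(digest: dict, objects: dict) -> list:
    """Recompute SHA-256 over every log object the digest lists; return
    (s3Object, problem) pairs, so an empty list means all files are intact."""
    problems = []
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if key not in objects:
            problems.append((key, "missing"))        # log file was deleted
        elif sha256_hex(objects[key]) != entry["hashValue"]:
            problems.append((key, "hash mismatch"))  # log file was modified
    return problems

def string_to_sign(digest: dict, digest_bytes: bytes) -> str:
    """Data CloudTrail signs (SHA-256 with RSA) for a digest file, laid out as in
    AWS's custom-validation documentation. Checking the hex signature needs the
    public key from `aws cloudtrail list-public-keys`; that is left to the caller."""
    return "\n".join([
        digest["digestEndTime"],
        digest["digestS3Bucket"] + "/" + digest["digestS3Object"],
        sha256_hex(digest_bytes),
        digest["previousDigestSignature"],
    ])

if __name__ == "__main__":
    print("intact:  ", verify_log_hashes(DIGEST, LOG_OBJECTS))
    print("tampered:", verify_log_hashes(DIGEST, {LOG_KEY: b'{"Records":[]}'}))
```

In practice the AWS CLI does the full job, including the RSA signature and digest-chain checks, with `aws cloudtrail validate-logs`, and validation is switched on for an existing trail with `aws cloudtrail update-trail --name <trail> --enable-log-file-validation`.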