
Terraform Is Multi Region Trail False

Description

Detects CloudTrail trails that are not configured for multi-region logging in AWS Terraform configurations. Single-region trails create blind spots in audit logging by not capturing API activity across all AWS regions, which can lead to incomplete audit trails and potential security incidents going unnoticed.

Weakness:

400 - Traceability Loss - AWS

Category: Functionality Abuse

Detection Strategy

    Look for 'aws_cloudtrail' resource blocks in Terraform configuration files

    Check if the is_multi_region_trail attribute is explicitly set to false or missing

    Flag CloudTrail resources that are not configured to collect logs from all AWS regions
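The detection strategy above, implemented as an added example (not the project's own checker): a small Python scanner that walks `aws_cloudtrail` resource blocks in a Terraform file and reports trails whose `is_multi_region_trail` is set to something other than `true` or is missing altogether. The Terraform snippets are constructed for the example, and the regex-based block parser is an assumption that only handles flat resource bodies without nested blocks.

```python
import re

# Constructed sample Terraform (not from the original page) covering the three cases the
# detection strategy distinguishes: explicitly false, attribute missing, and set to true.
SAMPLE_TF = '''
resource "aws_cloudtrail" "single_region" {
  name                  = "single-region-trail"
  s3_bucket_name        = aws_s3_bucket.logs.id
  is_multi_region_trail = false
}

resource "aws_cloudtrail" "implicit_default" {
  name           = "default-trail"
  s3_bucket_name = aws_s3_bucket.logs.id
}

resource "aws_cloudtrail" "all_regions" {
  name                  = "all-regions-trail"
  s3_bucket_name        = aws_s3_bucket.logs.id
  is_multi_region_trail = true
}

resource "aws_s3_bucket" "logs" {
  bucket = "audit-logs"
}
'''

# Assumption: resource bodies are flat (no nested blocks), which is enough for this attribute.
RESOURCE_RE = re.compile(r'resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^{}]*)\}')
ATTR_RE = re.compile(r'^\s*is_multi_region_trail\s*=\s*(?P<value>\S+)', re.M)

def find_single_region_trails(hcl: str) -> list:
    """Return (resource name, reason) for each aws_cloudtrail block that is not explicitly
    multi-region. A missing attribute is reported too, because the AWS provider defaults
    is_multi_region_trail to false, so silence means a single-region trail."""
    findings = []
    for block in RESOURCE_RE.finditer(hcl):
        if block.group("type") != "aws_cloudtrail":
            continue  # only CloudTrail resources are in scope for this check
        attr = ATTR_RE.search(block.group("body"))
        if attr is None:
            findings.append((block.group("name"), "is_multi_region_trail not set (defaults to false)"))
        elif attr.group("value").strip().lower() != "true":
            # Literal false, or a non-literal value (e.g. a variable) that needs manual review
            findings.append((block.group("name"), f"is_multi_region_trail = {attr.group('value')}"))
    return findings

if __name__ == "__main__":
    for name, reason in find_single_region_trails(SAMPLE_TF):
        print(f"aws_cloudtrail.{name}: {reason}")
```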

Vulnerable code example

resource "aws_cloudtrail" "vulnerable_trail" {
  name           = "vulnerable-trail"
  s3_bucket_name = aws_s3_bucket.logs.id
  
  # Vulnerability: Trail only monitors single region, missing potential security events
  is_multi_region_trail = false
}

✅ Secure code example

resource "aws_cloudtrail" "secure_trail" {
  name                          = "secure-trail"
  s3_bucket_name                = aws_s3_bucket.logs.id
  
  # Enable multi-region monitoring to capture events across all regions
  is_multi_region_trail         = true
  
  # Enable global service event logging for comprehensive security monitoring...