Json Yaml Missing Log File Validation
Description
Detects AWS CloudTrail trails configured without log file validation in CloudFormation templates. Disabling or omitting log file validation makes it impossible to verify whether CloudTrail logs have been tampered with after delivery, which weakens security audit capabilities and compliance.
Weakness:
394 - Insufficient data authenticity validation - CloudTrail Logs
Category: Functionality Abuse
Detection Strategy
• Review CloudFormation templates for AWS::CloudTrail::Trail resource definitions
• Check if the EnableLogFileValidation property is either missing or set to false
• Flag CloudTrail resources that do not explicitly enable log file validation
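The detection strategy above, implemented as an added example (this is not Fluid Attacks' own scanner code): the hypothetical find_unvalidated_trails walks the Resources of a parsed template and flags every AWS::CloudTrail::Trail whose EnableLogFileValidation is missing or not true, and load_template accepts JSON with the standard library and, when PyYAML is installed, YAML with CloudFormation's short-form intrinsic tags. The sample template is constructed for the demonstration.

```python
"""Flag AWS::CloudTrail::Trail resources that do not explicitly enable log file validation."""
import json
from typing import Any


def _is_true(value: Any) -> bool:
    # CloudFormation accepts booleans either as real booleans or as the strings "true"/"false".
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def find_unvalidated_trails(template: dict) -> list[dict]:
    """Return one finding per CloudTrail trail whose EnableLogFileValidation is missing or not true."""
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::CloudTrail::Trail":
            continue
        value = (resource.get("Properties") or {}).get("EnableLogFileValidation")
        if _is_true(value):
            continue  # secure: validation explicitly enabled
        reason = "property missing" if value is None else f"set to {value!r}"
        findings.append({"resource": name, "reason": reason})
    return findings


def load_template(text: str) -> dict:
    """Parse a JSON template with the standard library; fall back to PyYAML for YAML templates."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        import yaml  # optional dependency, only needed for YAML templates

        class CfnLoader(yaml.SafeLoader):
            pass

        # Short-form intrinsics (!Ref, !Sub, !GetAtt, ...) are unknown tags to SafeLoader;
        # build them as plain scalars/lists/maps so the template still parses.
        def _intrinsic(loader, suffix, node):
            if isinstance(node, yaml.ScalarNode):
                return loader.construct_scalar(node)
            if isinstance(node, yaml.SequenceNode):
                return loader.construct_sequence(node)
            return loader.construct_mapping(node)

        CfnLoader.add_multi_constructor("!", _intrinsic)
        return yaml.load(text, Loader=CfnLoader)


# Constructed sample (not from the page): a disabled trail, a trail that omits the property, a secure trail.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "disabledTrail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
        "IsLogging": True, "S3BucketName": "audit-bucket", "EnableLogFileValidation": False}},
    "implicitTrail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
        "IsLogging": True, "S3BucketName": "audit-bucket"}},
    "secureTrail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
        "IsLogging": True, "S3BucketName": "audit-bucket", "EnableLogFileValidation": True}},
    "auditBucket": {"Type": "AWS::S3::Bucket"},
}})

if __name__ == "__main__":
    for finding in find_unvalidated_trails(load_template(SAMPLE_TEMPLATE)):
        print(f"{finding['resource']}: EnableLogFileValidation {finding['reason']}")
```

Running the block reports disabledTrail and implicitTrail and stays silent on secureTrail; a value supplied through an intrinsic such as !Ref is treated as not proven true and is flagged for manual review.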
Vulnerable code example
Resources:
  myTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      IsLogging: true
      S3BucketName: audit-bucket
      EnableLogFileValidation: false # Vulnerable: log file validation disabled, logs can be tampered with undetected
...
✅ Secure code example
Resources:
  myTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      IsLogging: true
      S3BucketName: audit-bucket
      EnableLogFileValidation: true # Log file validation enabled so tampering can be detected
...