Triage AWS CloudTrail Redundant Regional REDUNDANT_REGIONAL_TRAIL
Quick Links
- Configure AWS CloudTrail Redundant Regional
- Use Case for AWS CloudTrail Redundant Regional
- Triage Guides by Violation Type
Triage Guide: Redundant Regional AWS CloudTrail
0. Understand
Why should I care about fixing this issue?
Redundant regional CloudTrail trails can incur unnecessary costs, as only the first trail in each region is free. By removing redundancy, you can optimize cost management.
1. Validate
How am I sure that this alert is true and accurate?
The policy relies on AWS CloudTrail API responses to count the number of trails. Ensure that the data retrieved matches the actual trail configuration.
What is the data source for this policy?
The data is fetched from AWS CloudTrail using the listTrails and describeTrails API operations.
Does this policy scan on a schedule or is it Reactive? If so, when?
The policy runs on a scheduled basis to check for redundant trails once a day (0 0 * * *).
2. Triage
What is the impact if it is unfixed?
If left unaddressed, redundant trails will continue to impose additional costs.
Does this problem get worse over time if it is unaddressed?
The problem of redundancy itself does not worsen, but the continued additional costs will accumulate over time.
Can remediation cause outages or downtime to any other running service?
Removing redundant trails should not cause downtime but should be carefully planned to avoid disruptions in logging.
3. Act
What do I do to fix this alarm?
- Log in to the AWS Management Console.
- Navigate to the CloudTrail service.
- Review and identify redundant trails.
- Delete the redundant trails to remain compliant and avoid unnecessary costs.
4. Reflect
What should I do if this alarm wasn't a good use of time?
If the alarm is not useful, you may consider:
- Adjusting the policy settings to better match your organizational requirements.
- Exploring alternative policies or tools to manage trail redundancies effectively.