AWS Cloudtrail - Cloud Service Audit Trails Are Configured

If this monitor is showing as non-compliant, even though you’ve enabled logging in AWS CloudTrail, it may be due to a missing configuration: Management Events must be enabled for the monitor to pass.

What You Need to Do

This monitor specifically checks whether Management Events are enabled on your CloudTrail. Even if logging is set up, the monitor will remain non-compliant if this setting is turned off.


📌 Note: If you only have one trail in AWS CloudTrail, make sure it is not the default trail managed by AWS: we cannot collect any data for that trail because it is not managed by you.

[Image: AWS Cloudtrail default]


🔧 How to Fix It

Follow these steps to enable Management Events in your CloudTrail:

  1. Open AWS CloudTrail
    Log into your AWS Console and go to the CloudTrail section.

  2. Select Your Trail
    Click on the trail you’re using for audit logging.

  3. Scroll to “Management Events”
    Find the Management events section.

  4. Click “Edit”
    Use the Edit button to update the settings.

  5. Enable Management Events

    • Check the box to enable management event logging.

    • You can choose to log Read-only, Write-only, or All management events.

  6. Save Changes
    Click Save to apply the updates.
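As an added example (not code from the original article or the monitor itself), the following Python evaluates a CloudTrail GetEventSelectors response the way this check does, covering both the classic event selectors and the advanced event selectors a trail may use. The trail ARN and sample responses are constructed; the live lookup assumes boto3 is installed and AWS credentials are configured.

```python
from typing import Tuple


def management_events_enabled(selectors: dict) -> Tuple[bool, str]:
    """Return (enabled, read_write_type) for a GetEventSelectors response;
    read_write_type is 'All', 'ReadOnly', 'WriteOnly', or 'None' if disabled."""
    # Classic selectors: IncludeManagementEvents plus ReadWriteType.
    for sel in selectors.get("EventSelectors") or []:
        if sel.get("IncludeManagementEvents"):
            return True, sel.get("ReadWriteType", "All")
    # Advanced selectors: eventCategory == Management logs management
    # events; an optional readOnly field narrows them to one direction.
    for sel in selectors.get("AdvancedEventSelectors") or []:
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        if "Management" not in fields.get("eventCategory", {}).get("Equals", []):
            continue
        read_only = fields.get("readOnly", {}).get("Equals", [])
        if read_only == ["true"]:
            return True, "ReadOnly"
        if read_only == ["false"]:
            return True, "WriteOnly"
        return True, "All"
    return False, "None"


def check_trail(trail_name: str) -> Tuple[bool, str]:
    """Query a live trail; assumes boto3 and AWS credentials are configured."""
    import boto3  # imported here so the offline check runs without it
    client = boto3.client("cloudtrail")
    return management_events_enabled(client.get_event_selectors(TrailName=trail_name))


# Constructed sample responses, not captured from a real account.
SAMPLE_DISABLED = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example",
    "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": False,
                        "DataResources": [], "ExcludeManagementEventSources": []}],
}
SAMPLE_WRITE_ONLY = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example",
    "AdvancedEventSelectors": [{"Name": "Management events, write only",
                                "FieldSelectors": [
                                    {"Field": "eventCategory", "Equals": ["Management"]},
                                    {"Field": "readOnly", "Equals": ["false"]}]}],
}

if __name__ == "__main__":
    for name, sample in (("disabled", SAMPLE_DISABLED), ("write-only", SAMPLE_WRITE_ONLY)):
        print(name, management_events_enabled(sample))
```

A trail whose only selector targets the Data event category is reported as disabled, which is the condition that keeps this monitor non-compliant even when logging is otherwise on.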