aws-cloudtrail-all-regions

Ensure CloudTrail is enabled in all Regions

Examples

Insecure Example

Terraform

resource "aws_cloudtrail" "bigcorp_setup" {
    name                          = "bigcorp_setup"
    s3_bucket_name                = aws_s3_bucket.auditing.id
    is_multi_region_trail         = false # Defaults to false
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources:
    myTrail:
        Type: AWS::CloudTrail::Trail
        Properties:
            S3BucketName:
              Ref: S3Bucket
            EnableLogFileValidation: trues
            IsLogging: true
            IsMultiRegionTrail: false

Secure Example

Terraform

resource "aws_cloudtrail" "bigcorp_setup" {
    name                          = "bigcorp_setup"
    s3_bucket_name                = aws_s3_bucket.auditing.id
    is_multi_region_trail         = true
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources:
    myTrail:
        Type: AWS::CloudTrail::Trail
        Properties:
            S3BucketName:
              Ref: S3Bucket
            EnableLogFileValidation: true
            IsLogging: true
            IsMultiRegionTrail: True

More information

• AWS Docs
• Terraform Docs
• Cloudformation Docs