aws-cloudtrail-validation-off
Ensure CloudTrail log file validation is enabled
Without log file validation, CloudTrail does not produce the signed digest files needed to detect whether delivered log files were modified or deleted after the fact; the setting defaults to off in both Terraform and CloudFormation.
Examples
Insecure Example

Terraform:

resource "aws_cloudtrail" "bigcorp" {
  name                       = "tf-trail-bigcorp"
  s3_bucket_name             = aws_s3_bucket.bigcorp.id
  enable_log_file_validation = false # default
}

CloudFormation:

myTrail:
  DependsOn:
    - BucketPolicy
    - TopicPolicy
  Type: AWS::CloudTrail::Trail
  Properties:
    S3BucketName:
      Ref: S3Bucket
    EnableLogFileValidation: false
    IsLogging: true
Secure Example

Terraform:

resource "aws_cloudtrail" "bigcorp" {
  name                       = "tf-trail-bigcorp"
  s3_bucket_name             = aws_s3_bucket.bigcorp.id
  enable_log_file_validation = true
}

CloudFormation:

myTrail:
  DependsOn:
    - BucketPolicy
    - TopicPolicy
  Type: AWS::CloudTrail::Trail
  Properties:
    S3BucketName:
      Ref: S3Bucket
    EnableLogFileValidation: true
    IsLogging: true
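The following is an added example, not code from the rule page or its scanner: a small Python check that applies this rule to a CloudFormation template in its JSON form and to a CloudTrail DescribeTrails response. It goes slightly beyond the page's cases by treating a missing EnableLogFileValidation as a finding (the default is false) and accepting the string form "true" that CloudFormation also allows; the sample template and response are constructed.

```python
import json

def _is_true(value):
    # CloudFormation accepts a native boolean or the strings "true"/"false";
    # anything else (e.g. a Ref to a parameter) is treated as not verified.
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"

def trails_without_validation(template):
    """Logical IDs of AWS::CloudTrail::Trail resources in a parsed CloudFormation
    template whose EnableLogFileValidation is absent or not true. A missing
    property is a finding because the service default is false."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudTrail::Trail":
            continue
        props = resource.get("Properties") or {}
        if not _is_true(props.get("EnableLogFileValidation", False)):
            findings.append(logical_id)
    return findings

def live_trails_without_validation(describe_trails_response):
    """Same check against a CloudTrail DescribeTrails response (boto3:
    client.describe_trails()), where the flag is LogFileValidationEnabled."""
    return [t["Name"] for t in describe_trails_response.get("trailList", [])
            if not t.get("LogFileValidationEnabled", False)]

# Constructed sample template (JSON form of CloudFormation): the page's myTrail
# with validation off, next to a compliant trail that uses the string form.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "myTrail": {"Type": "AWS::CloudTrail::Trail", "DependsOn": ["BucketPolicy"],
              "Properties": {"S3BucketName": {"Ref": "S3Bucket"},
                             "EnableLogFileValidation": false, "IsLogging": true}},
  "goodTrail": {"Type": "AWS::CloudTrail::Trail",
                "Properties": {"S3BucketName": {"Ref": "S3Bucket"},
                               "EnableLogFileValidation": "true", "IsLogging": true}},
  "S3Bucket": {"Type": "AWS::S3::Bucket"}}}
""")

# Constructed DescribeTrails response, not taken from a real account.
SAMPLE_DESCRIBE = {"trailList": [
    {"Name": "tf-trail-bigcorp", "S3BucketName": "bigcorp-logs", "LogFileValidationEnabled": False},
    {"Name": "org-trail", "S3BucketName": "org-logs", "LogFileValidationEnabled": True},
]}

if __name__ == "__main__":
    print(trails_without_validation(SAMPLE_TEMPLATE))        # ['myTrail']
    print(live_trails_without_validation(SAMPLE_DESCRIBE))   # ['tf-trail-bigcorp']
```

On a live account, pass the output of boto3's `describe_trails()` to the second function; once validation is enabled, `aws cloudtrail validate-logs` verifies the digest chain for a delivered time range.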