standard
turbot/aws_compliance

Pipeline: Correct one CloudTrail trail log not encrypted with KMS CMK

Runs corrective action on a single CloudTrail trail logs not encrypted with KMS CMK.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run aws_compliance.pipeline.correct_one_cloudtrail_trail_log_not_encrypted_with_kms_cmk \
--arg 'title=<string>' \
--arg 'name=<string>' \
--arg 'region=<string>' \
--arg 'conn=<connection.aws>' \
--arg 'account_id=<string>' \
--arg 'kms_key_id=<string>'

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
pipeline = aws_compliance.pipeline.correct_one_cloudtrail_trail_log_not_encrypted_with_kms_cmk
args = {
title = <string>
name = <string>
region = <string>
conn = <connection.aws>
account_id = <string>
kms_key_id = <string>
}
}

Params

NameTypeRequiredDescriptionDefault
title
string
YesTitle of the resource, to be used as a display name.-
name
string
YesThe name of the CloudTrail trail.-
region
string
YesAWS Region of the resource(s).-
conn
connection.aws
YesName of the AWS connection to be used for any authenticated actions.-
account_id
string
YesThe account ID.-
notifier
notifier
YesThe name of the notifier to use for sending notification messages.notifier.default
notification_level
string
verbose, info, error
YesThe verbosity level of notification messages to send.info
approvers
list(notifier)
YesList of notifiers to be used for obtaining action/approval decisions.notifier.default
default_action
string
notify, skip, encrypt_cloud_trail_logs
YesThe default action to use when there are no approvers.notify
enabled_actions
list(string)
skip, encrypt_cloud_trail_logs
YesThe list of enabled actions approvers can select.
[
"skip",
"encrypt_cloud_trail_logs"
]
kms_key_id
string
YesSpecifies the KMS key ID to use to encrypt the logs delivered by CloudTrail.-

Outputs

This pipeline has no outputs.

Tags

category = Compliance
folder = Internal
mod = aws
service = AWS/Cloudtrail