standard
turbot/aws_compliance

Trigger: Detect & correct CloudTrail trails with S3 logging disabled

Detect CloudTrail trails whose destination S3 bucket has logging disabled (the bucket's logging configuration is null) and then enable S3 logging.

Query

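select
  concat(t.name, ' [', t.region, '/', t.account_id, ']') as title,
  t.arn as resource,
  t.name,
  t.region,
  t.account_id,
  t.sp_connection_name as conn
from
  aws_cloudtrail_trail t
  -- match each trail to the S3 bucket it delivers logs to
  inner join aws_s3_bucket b on t.s3_bucket_name = b.name
where
  -- report each trail once, from its home region only
  t.region = t.home_region
  -- the bucket has no logging configuration
  and b.logging is null;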

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/Cloudtrail