Ensure AWS CloudTrail defines an SNS Topic
Error: AWS CloudTrail does not define an SNS Topic
Bridgecrew Policy ID: BC_AWS_GENERAL_175
Checkov Check ID: CKV_AWS_252
Severity: LOW
Description
AWS CloudTrail is a service that records API activity in your AWS account, including the API calls made to AWS services and their associated responses. By attaching an SNS topic to a trail, you receive a notification whenever CloudTrail delivers a log file, which you can use to alert on activity in your AWS environment.
In addition, pairing the trail's SNS topic with its S3 bucket lets you keep the log events in a central location, such as an Amazon S3 bucket, for analysis and reporting. This is useful for compliance, auditing, and other monitoring needs.
Fix - Runtime
Fix - Buildtime
Terraform
# Passes CKV_AWS_252 because sns_topic_name is set. The referenced
# aws_s3_bucket.test (with a bucket policy that lets CloudTrail write) and
# aws_sns_topic.notes (with a topic policy that lets cloudtrail.amazonaws.com
# publish) are assumed to be defined elsewhere in the configuration.
resource "aws_cloudtrail" "pass" {
  name                          = "TRAIL"
  s3_bucket_name                = aws_s3_bucket.test.id
  include_global_service_events = true
  enable_logging                = false # not inspected by this check; set to true for events to be delivered
  is_multi_region_trail         = false
  sns_topic_name                = aws_sns_topic.notes.arn # the attribute this check requires
  tags                          = { test = "Fail" }
}
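The condition this check evaluates, written out as an added example that is not Checkov's or Bridgecrew's own code: a build-time function over an aws_cloudtrail resource's attributes (the non-empty sns_topic_name condition), and a runtime counterpart over a describe_trails response, which fills in the empty "Fix - Runtime" section above. The sample resources and the describe_trails payload are constructed; the boto3 call in audit_account is the only part that needs AWS credentials.

```python
"""Audit CloudTrail trails for a configured SNS topic (the CKV_AWS_252 condition)."""
from __future__ import annotations

from typing import Any

PASSED, FAILED = "PASSED", "FAILED"


def check_terraform_trail(attrs: dict[str, Any]) -> str:
    """Build-time check over one aws_cloudtrail resource's attributes."""
    topic = attrs.get("sns_topic_name")
    # Checkov represents HCL attribute values as single-element lists; unwrap them.
    if isinstance(topic, list):
        topic = topic[0] if topic else None
    # An absent, non-string or blank topic name means no notifications are configured.
    return PASSED if isinstance(topic, str) and topic.strip() else FAILED


def find_trails_without_sns(describe_trails_response: dict[str, Any]) -> list[str]:
    """Runtime check: names of trails with no SNS topic in a describe_trails result."""
    missing = []
    for trail in describe_trails_response.get("trailList", []):
        # SnsTopicARN is the current field; SnsTopicName is the legacy one.
        if not (trail.get("SnsTopicARN") or trail.get("SnsTopicName")):
            missing.append(trail["Name"])
    return missing


def audit_account(client) -> list[str]:
    """Run the runtime check with a boto3 CloudTrail client (requires AWS credentials)."""
    return find_trails_without_sns(client.describe_trails(includeShadowTrails=False))


# Constructed sample data (not output from a real account); 111122223333 is a placeholder account ID.
SAMPLE_RESOURCES = {
    "aws_cloudtrail.pass": {"name": ["TRAIL"], "sns_topic_name": ["arn:aws:sns:us-east-1:111122223333:notes"]},
    "aws_cloudtrail.fail": {"name": ["TRAIL"]},
    "aws_cloudtrail.blank": {"name": ["TRAIL"], "sns_topic_name": [""]},
}
SAMPLE_DESCRIBE_TRAILS = {"trailList": [
    {"Name": "audited", "S3BucketName": "b", "SnsTopicARN": "arn:aws:sns:us-east-1:111122223333:notes"},
    {"Name": "silent", "S3BucketName": "b"},
]}

if __name__ == "__main__":
    for resource_id, attrs in SAMPLE_RESOURCES.items():
        print(f"{resource_id}: {check_terraform_trail(attrs)}")
    print("trails without an SNS topic:", find_trails_without_sns(SAMPLE_DESCRIBE_TRAILS))
```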