AWS CloudTrail logging is disabled

Description

It is recommended to have a proper logging process for AWS CloudTrail in order to track configuration changes conducted manually and programmatically and trace back unapproved changes.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_cloudtrail" "pass" {
  name                          = "TRAIL"
  s3_bucket_name                = aws_s3_bucket.test.id
  include_global_service_events = true
  enable_logging = true
  kms_key_id                    = aws_kms_key.test.arn
}