Ensure AWS CloudTrail logging is enabled

Error: AWS CloudTrail logging is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_172
Checkov Check ID: CKV_AWS_251
Severity: LOW

AWS CloudTrail logging is disabled


It is recommended to have a proper logging process for AWS CloudTrail in order to track configuration changes made both manually and programmatically, and to trace back unapproved changes. A trail whose logging has been stopped records nothing, so changes made while it is disabled leave no audit record.

Fix - Runtime

Fix - Buildtime

resource "aws_cloudtrail" "pass" {
  name                          = "TRAIL"
  s3_bucket_name                = aws_s3_bucket.test.id
  include_global_service_events = true
  # Keep the trail actively recording; setting this to false stops logging.
  enable_logging                = true
  kms_key_id                    = aws_kms_key.test.arn
}
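The check above can be reproduced outside of Checkov. The following is an added example, not Checkov's own implementation of CKV_AWS_251: it evaluates parsed `aws_cloudtrail` resource bodies at build time and the JSON returned by `aws cloudtrail get-trail-status` at runtime. It assumes the resource bodies are plain dicts as an HCL parser would hand back (some parsers wrap attribute values in single-element lists, which is handled), and that the Terraform AWS provider's default for `enable_logging` is true, so an omitted attribute passes.

```python
"""Build-time and runtime evaluation of "CloudTrail logging is enabled".

Added example; it is not Checkov's or Bridgecrew's own code.
"""
import json

# The Terraform AWS provider defaults enable_logging to true, so a resource
# that omits the attribute still produces a trail that records events.
TF_DEFAULT_ENABLE_LOGGING = True


def _as_bool(value) -> bool:
    """Normalise what a Terraform parser may hand back: a bool, the strings
    'true'/'false', or a single-element list wrapping either of those."""
    if isinstance(value, list) and len(value) == 1:
        value = value[0]
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    raise ValueError(f"cannot interpret {value!r} as a boolean")


def check_buildtime(resource_body: dict) -> str:
    """Evaluate one parsed aws_cloudtrail resource body (CKV_AWS_251 logic)."""
    if "enable_logging" not in resource_body:
        return "PASSED" if TF_DEFAULT_ENABLE_LOGGING else "FAILED"
    return "PASSED" if _as_bool(resource_body["enable_logging"]) else "FAILED"


def check_runtime(trail_status_json: str) -> str:
    """Evaluate the JSON printed by `aws cloudtrail get-trail-status`."""
    status = json.loads(trail_status_json)
    # IsLogging is the authoritative runtime flag; a stopped trail reports false.
    return "PASSED" if status.get("IsLogging") is True else "FAILED"


def scan_terraform(resources: dict) -> dict:
    """Map each resource name to its result; resources is name -> body."""
    return {name: check_buildtime(body) for name, body in resources.items()}


# Constructed sample input: three parsed aws_cloudtrail resource bodies.
SAMPLE_RESOURCES = {
    "pass": {"name": "TRAIL", "enable_logging": [True]},
    "default": {"name": "TRAIL"},                         # attribute omitted
    "fail": {"name": "TRAIL", "enable_logging": "false"},
}

# Constructed sample of get-trail-status output for a trail that was stopped.
SAMPLE_STATUS = '{"IsLogging": false, "StopLoggingTime": "2024-01-01T00:00:00Z"}'

if __name__ == "__main__":
    print(scan_terraform(SAMPLE_RESOURCES))  # {'pass': 'PASSED', 'default': 'PASSED', 'fail': 'FAILED'}
    print(check_runtime(SAMPLE_STATUS))      # FAILED
```

The runtime path is worth keeping alongside the build-time one: a trail that passes in Terraform can still be stopped later with `StopLogging`, which only the live status reveals.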