github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/avd_docs/aws/cloudtrail/AVD-AWS-0161/Terraform.md (about)

     1  
     2  Restrict public access to the S3 bucket that stores the CloudTrail logs
     3  
     4  ```hcl
     5   resource "aws_cloudtrail" "good_example" {  # trail whose log bucket this example keeps private
     6     is_multi_region_trail = true
     7     s3_bucket_name = "abcdefgh"  # same name as the aws_s3_bucket "good_example" below, which sets a private ACL
     8   
     9     event_selector {
    10       read_write_type           = "All"
    11       include_management_events = true
    12   
    13       data_resource {
    14         type = "AWS::S3::Object"
    15         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]  # refers to a data source "important-bucket" that is not declared in this snippet
    16       }
    17     }
    18   }
    19  
    20  resource "aws_s3_bucket" "good_example" {  # bucket named by s3_bucket_name in the trail above; a private ACL does not stop a public bucket policy, which an aws_s3_bucket_public_access_block can block
    21  	bucket = "abcdefgh"
    22  	acl = "private"  # no public grants via ACL; on AWS provider v4+ this argument is deprecated in favour of the aws_s3_bucket_acl resource
    23  }
    24   
    25  ```
    26  
    27  #### Remediation Links
    28   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail
    29