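Enable logging to CloudWatch

```hcl
# Passing example: a CloudTrail trail that forwards its events to a
# CloudWatch Logs log group, so metric filters and alarms can be built on them.
# Illustrative only: the required `name` and `s3_bucket_name` arguments of
# aws_cloudtrail are omitted here and must be supplied in a real configuration.
resource "aws_cloudtrail" "good_example" {
  # Record activity from every region, not only the trail's home region.
  is_multi_region_trail = true

  # The setting this example demonstrates: the destination log group.
  # The ":*" suffix is appended to the log group ARN.
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.example.arn}:*"

  # CloudTrail assumes this role to write into the log group; without it the
  # log group setting alone does not result in delivery.
  # Constructed reference: define the role separately and scope its policy to
  # logs:CreateLogStream and logs:PutLogEvents on this log group only.
  cloud_watch_logs_role_arn = aws_iam_role.cloudtrail_to_cloudwatch.arn

  event_selector {
    # Capture both read and write API calls, including management events.
    read_write_type           = "All"
    include_management_events = true

    # Data events for objects in the referenced bucket. The data source
    # `aws_s3_bucket.important-bucket` is declared outside this example.
    data_resource {
      type   = "AWS::S3::Object"
      values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    }
  }
}

# Log group that receives the trail's events.
# NOTE(review): no retention_in_days or kms_key_id is set; decide on retention
# and encryption explicitly for audit logs.
resource "aws_cloudwatch_log_group" "example" {
  name = "Example"
}
```

#### Remediation Links
 - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail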