CloudTrail Multi Region Disabled
- Query id: 8173d5eb-96b5-4aa6-a71b-ecfa153c123d
- Query name: CloudTrail Multi Region Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
Description
CloudTrail multi-region logging should be enabled, which means the attributes 'is_multi_region_trail' and 'include_global_service_events' should both be enabled.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# This is problematic code where the query should report a result.
# is_multi_region_trail is omitted, so the trail covers only its own region.
resource "aws_cloudtrail" "positive1" {
  name           = "npositive_1"
  s3_bucket_name = "bucketlog_1"
}
Positive test num. 2 - tf file
# is_multi_region_trail is explicitly disabled.
resource "aws_cloudtrail" "positive2" {
  name                  = "npositive_2"
  s3_bucket_name        = "bucketlog_2"
  is_multi_region_trail = false
}
Positive test num. 3 - tf file
# The trail is multi-region, but include_global_service_events is disabled.
resource "aws_cloudtrail" "positive3" {
  name                          = "npositive_3"
  s3_bucket_name                = "bucketlog_3"
  is_multi_region_trail         = true
  include_global_service_events = false
}
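The same rule can be applied to a rendered plan before apply. The following is an added example, not the KICS query itself: it walks JSON in the shape produced by `terraform show -json`, including child modules, and reports each `aws_cloudtrail` resource that fails either condition. Assumptions: the sample plan is constructed and trimmed, the `compliant` resource and the `logging` module are hypothetical, and an absent `include_global_service_events` is accepted because the AWS provider defaults it to true.

```python
import json

# Constructed sample shaped like `terraform show -json` output, trimmed to the
# fields the check reads; "compliant" and module "logging" are hypothetical.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_cloudtrail.positive1", "type": "aws_cloudtrail",
     "values": {"name": "npositive_1"}},
    {"address": "aws_cloudtrail.positive2", "type": "aws_cloudtrail",
     "values": {"is_multi_region_trail": false}},
    {"address": "aws_cloudtrail.positive3", "type": "aws_cloudtrail",
     "values": {"is_multi_region_trail": true, "include_global_service_events": false}},
    {"address": "aws_cloudtrail.compliant", "type": "aws_cloudtrail",
     "values": {"is_multi_region_trail": true, "include_global_service_events": true}}],
  "child_modules": [{"resources": [
    {"address": "module.logging.aws_cloudtrail.nested", "type": "aws_cloudtrail",
     "values": {"is_multi_region_trail": false, "include_global_service_events": false}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_trail(values):
    """Return the reasons one aws_cloudtrail resource fails the rule."""
    reasons = []
    # Absent counts as a finding: the AWS provider defaults this to false.
    if values.get("is_multi_region_trail") is not True:
        reasons.append("is_multi_region_trail is not true")
    # Absent is accepted: the AWS provider defaults this to true.
    if values.get("include_global_service_events") is False:
        reasons.append("include_global_service_events is false")
    return reasons

def find_violations(plan):
    """Map resource address -> reasons for every failing trail in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return {res["address"]: reasons
            for res in iter_resources(root)
            if res.get("type") == "aws_cloudtrail"
            and (reasons := check_trail(res.get("values") or {}))}

if __name__ == "__main__":
    for address, reasons in find_violations(SAMPLE_PLAN).items():
        print(f"{address}: {'; '.join(reasons)}")
```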