CloudTrail Logging Disabled

  • Query id: d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5
  • Query name: CloudTrail Logging Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Observability
  • CWE: 778
  • URL: Github

Description

Checks that logging is enabled for the CloudTrail trail managed by the community.aws.cloudtrail module, i.e. that enable_logging is not set to false. A trail with logging turned off records no API activity, which is the insufficient-logging condition that CWE 778 describes.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: example
  community.aws.cloudtrail:
    state: present
    name: default
    enable_logging: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: example
  community.aws.cloudtrail:
    state: present
    name: default
    enable_logging: true
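As an added example that is not part of this KICS page or of the community.aws collection, the following Python check parses the two samples above and reports any task that defines a trail with enable_logging set to false. It assumes the module's default for enable_logging is true (so only an explicit false is reported) and handles only the flat YAML subset used in these samples.

```python
"""Flag Ansible tasks that create a CloudTrail trail with logging disabled."""

# Constructed samples that mirror the positive and negative tests on this page.
POSITIVE = """\
- name: example
  community.aws.cloudtrail:
    state: present
    name: default
    enable_logging: false
"""
NEGATIVE = POSITIVE.replace("enable_logging: false", "enable_logging: true")

FALSE_WORDS = {"false", "no", "off"}  # YAML spellings of a false boolean

def parse_tasks(text):
    """Minimal parser for the YAML subset in these samples: a list of tasks
    whose values are scalars or nested mappings (no sequences, no quoting)."""
    tasks, stack = [], []  # stack holds (indent of the owning key, mapping)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent, line = len(raw) - len(raw.lstrip()), raw.strip()
        if line.startswith("- "):  # a new task begins
            tasks.append({})
            stack = [(indent, tasks[-1])]
            line, indent = line[2:], indent + 2
        while stack[-1][0] >= indent:  # leave mappings that closed here
            stack.pop()
        key, _, value = line.partition(":")
        parent = stack[-1][1]
        if value.strip():
            parent[key.strip()] = value.strip()
        else:  # "key:" with nothing after it opens a nested mapping
            parent[key.strip()] = child = {}
            stack.append((indent, child))
    return tasks

def find_logging_disabled(text):
    """Return names of tasks whose community.aws.cloudtrail call turns logging off."""
    findings = []
    for task in parse_tasks(text):
        params = task.get("community.aws.cloudtrail")
        if not isinstance(params, dict) or params.get("state") == "absent":
            continue  # not a trail definition, or the trail is being deleted
        # Assumption: the module defaults enable_logging to true, so only an
        # explicit false value is reported.
        if str(params.get("enable_logging", "true")).lower() in FALSE_WORDS:
            findings.append(task.get("name", "<unnamed>"))
    return findings
```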