AWS CloudTrail does not define an SNS Topic
Description
AWS CloudTrail is a service that records API activity in your AWS account, including all API calls made to AWS services and the associated responses. By sending CloudTrail log events to an SNS topic, you can set up notifications that will be sent to you whenever certain types of activity occur in your AWS environment. In addition, sending CloudTrail log events to an SNS topic also allows you to store the log events in a central location, such as an Amazon S3 bucket, for analysis and reporting purposes. This can be useful for compliance, auditing, and other types of monitoring.
Code Example
go
resource "aws_cloudtrail" "pass" {
name = "TRAIL"
s3_bucket_name = aws_s3_bucket.test.id
include_global_service_events = true
enable_logging = false
is_multi_region_trail = false
sns_topic_name = aws_sns_topic.notes.arn
tags = { test = "Fail" }
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0300 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_252 |