Turbot Guardrails Hub 
Hub
Policy Packs
AWS CIS v3.0.0 - Section 3 - Logging
Overview
16
Policy Settings
2
VariablesDevelopersGithub

Policy Setting: AWS > S3 > Bucket > Access Logging > Bucket

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_s3_bucket_access_logging_bucket" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws-s3#/policy/types/bucketAccessLoggingBucket"
  note           = "AWS CIS v3.0.0 - Controls: 3.4"
  template_input = var.logging_bucket != "" ? null : <<-EOT
    {
      turbotLoggingBucket: policy(uri: "aws#/policy/types/loggingBucketDefault")
    }
    EOT
  template       = var.logging_bucket != "" ? var.logging_bucket : <<-EOT
    {%- if $.turbotLoggingBucket -%}


      {{ $.turbotLoggingBucket | json }}


    {%- else -%}


      ""


    {%- endif -%}
  EOT
}