Policy Packs
AWS CIS v3.0.0 - Section 3 - Logging

Policy Setting: AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_trail_bucket" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/aws#/policy/types/trailBucket"
  note     = "AWS CIS v3.0.0 - Controls: 3.1"

  # When var.logging_bucket is empty, query the Turbot default logging bucket policy.
  template_input = var.logging_bucket != "" ? null : <<-EOT
    {
      turbotLoggingBucket: policy(uri: "aws#/policy/types/loggingBucketDefault")
    }
  EOT

  # Use var.logging_bucket when set; otherwise render the queried default, or "" if none.
  template = var.logging_bucket != "" ? var.logging_bucket : <<-EOT
    {%- if $.turbotLoggingBucket -%}
    {{ $.turbotLoggingBucket | json }}
    {%- else -%}
    ""
    {%- endif -%}
  EOT
}