Policy Setting: AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket

resource "turbot_policy_setting" "aws_trail_bucket" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws#/policy/types/trailBucket"
  note           = "AWS CIS v3.0.0 - Controls: 3.1"
  template_input = var.logging_bucket != "" ? null : <<-EOT
    {
      turbotLoggingBucket: policy(uri: "aws#/policy/types/loggingBucketDefault")
    }
    EOT
  template       = var.logging_bucket != "" ? var.logging_bucket : <<-EOT
    {%- if $.turbotLoggingBucket -%}

      {{ $.turbotLoggingBucket | json }}

    {%- else -%}

      ""

    {%- endif -%}
  EOT
}