Policy Packs
AWS CIS v3.0.0 - Section 3 - Logging

Policy Setting: AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_trail_encryption_key" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws#/policy/types/trailEncryptionKey"
  note           = "AWS CIS v3.0.0 - Controls: 3.1"
  template_input = <<-EOT
    {
      resource {
        children(filter: "resourceTypeId:tmod:@turbot/aws-kms#/resource/types/key level:self,descendant limit:5000") {
          items {
            AliasName: get(path: "AliasName")
            KeyArn: get(path: "KeyArn")
          }
        }
      }
    }
  EOT
  template       = <<-EOT
    {%- for key in $.resource.children.items -%}
      {%- if key.AliasName == "${var.kms_key_alias}" -%}
        {{ key.KeyArn | json }}
      {%- endif -%}
    {%- endfor -%}
  EOT
}
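To see what the template above resolves to, here is an added JavaScript simulation (not Guardrails code and not the Nunjucks engine itself) that applies the same loop/if/json selection logic to a constructed `template_input` result. The key items and ARNs are made up, the `json` filter is modelled as `JSON.stringify`, and the alias value stands in for `var.kms_key_alias`, which this page does not define.

```javascript
// Added example: simulates the policy template's selection logic over a
// constructed GraphQL response shaped like the template_input query result.
// This is not the Nunjucks engine; it mirrors what the loop/if/json filter emit.

// Constructed sample of $.resource.children.items (account, key ids are fake).
const sampleQueryResult = {
  resource: {
    children: {
      items: [
        { AliasName: "alias/aws/s3",
          KeyArn: "arn:aws:kms:us-east-1:111122223333:key/11111111-1111-1111-1111-111111111111" },
        { AliasName: "alias/cloudtrail-logs",
          KeyArn: "arn:aws:kms:us-east-1:111122223333:key/22222222-2222-2222-2222-222222222222" },
      ],
    },
  },
};

// Equivalent of the template: for each key whose AliasName matches the
// configured alias, emit `{{ key.KeyArn | json }}`. The `-` whitespace control
// means nothing else is emitted, so a no-match renders as an empty string.
function renderTrailEncryptionKey(queryResult, kmsKeyAlias) {
  let out = "";
  for (const key of queryResult.resource.children.items) {
    if (key.AliasName === kmsKeyAlias) {
      out += JSON.stringify(key.KeyArn); // assumed behaviour of the json filter
    }
  }
  return out;
}

// Check before trusting the rendered value: the policy needs exactly one ARN.
// Zero matches (alias typo, key not created yet) leaves the setting empty;
// more than one (the same alias name exists in several regions) yields two JSON
// strings run together, which is not a single valid value.
function validateRendered(rendered) {
  if (rendered === "") return { ok: false, reason: "no key matched alias" };
  try {
    const arn = JSON.parse(rendered);
    return typeof arn === "string" && arn.startsWith("arn:aws:kms:")
      ? { ok: true, arn }
      : { ok: false, reason: "rendered value is not a KMS key ARN" };
  } catch {
    return { ok: false, reason: "multiple keys matched alias; not a single JSON value" };
  }
}
```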