cloudtrail-all-read-s3-data-event-check - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

cloudtrail-all-read-s3-data-event-check

Checks if an Amazon CloudTrail multi-Region trail is enabled and logs all read S3 data events for your buckets. The rule is NON_COMPLIANT if no multi-Region trail logs all read S3 data event types for all current and future S3 buckets.

Identifier: CLOUDTRAIL_ALL_READ_S3_DATA_EVENT_CHECK

Resource Types: AWS::::Account

Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions

Parameters:

None

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.