cloudtrail-enabled - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).



For this rule, the rule identifier (CLOUD_TRAIL_ENABLED) and rule name (cloudtrail-enabled) are different.

Checks if an Amazon CloudTrail trail is enabled in your Amazon account. The rule is NON_COMPLIANT if a trail is not enabled. Optionally, the rule checks a specific S3 bucket, Amazon Simple Notification Service (Amazon SNS) topic, and CloudWatch log group.


Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions


s3BucketName (Optional)
Type: String

Name of S3 bucket for CloudTrail to deliver log files to.

snsTopicArn (Optional)
Type: String

SNS topic ARN for CloudTrail to use for notifications.

cloudWatchLogsLogGroupArn (Optional)
Type: String

CloudWatch log group ARN for CloudTrail to send data to.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.