cloudtrail-enabled

Important

For this rule, the rule identifier (CLOUD_TRAIL_ENABLED) and rule name (cloudtrail-enabled) are different.

Checks if an Amazon CloudTrail trail is enabled in your Amazon account. The rule is NON_COMPLIANT if a trail is not enabled. Optionally, the rule checks a specific S3 bucket, Amazon Simple Notification Service (Amazon SNS) topic, and CloudWatch log group.

Identifier: CLOUD_TRAIL_ENABLED

Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions

Parameters:

s3BucketName (Optional)
Type: String: Name of S3 bucket for CloudTrail to deliver log files to.
snsTopicArn (Optional)
Type: String: SNS topic ARN for CloudTrail to use for notifications.
cloudWatchLogsLogGroupArn (Optional)
Type: String: CloudWatch log group ARN for CloudTrail to send data to.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

cloud-trail-cloud-watch-logs-enabled

cloud-trail-encryption-enabled