multi-region-cloudtrail-enabled
Important
For this rule, the rule identifier (MULTI_REGION_CLOUD_TRAIL_ENABLED) and rule name (multi-region-cloudtrail-enabled) are different.
Checks if there is at least one multi-region Amazon CloudTrail. The rule is NON_COMPLIANT if the trails do not match input parameters.
The rule is NON_COMPLIANT if the ExcludeManagementEventSources
field is not empty or if Amazon CloudTrail is configured to exclude management events such as Amazon KMS events or Amazon RDS Data API events.
Identifier: MULTI_REGION_CLOUD_TRAIL_ENABLED
Trigger type: Periodic
Amazon Web Services Region: All supported Amazon regions except Middle East (UAE) Region
Parameters:
- s3BucketName (Optional)
- Type: String
-
Name of Amazon S3 bucket for Amazon CloudTrail to deliver log files to.
- snsTopicArn (Optional)
- Type: String
-
Amazon SNS topic ARN for Amazon CloudTrail to use for notifications.
- cloudWatchLogsLogGroupArn (Optional)
- Type: String
-
Amazon CloudWatch log group ARN for Amazon CloudTrail to send data to.
- includeManagementEvents (Optional)
- Type: boolean
-
Event selector to include management events for the Amazon CloudTrail.
- readWriteType (Optional)
- Type: String
-
Type of events to record. Valid values are ReadOnly, WriteOnly and ALL.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.