### # CLOUD_TRAIL_ENABLED tests ### --- - name: Empty, SKIP input: {} expectations: rules: CLOUD_TRAIL_ENABLED: SKIP - name: No resources, SKIP input: Resources: {} expectations: rules: CLOUD_TRAIL_ENABLED: SKIP - name: CloudTrail Trail IsLogging set to true, PASS input: Resources: ExampleTrail: Type: "AWS::CloudTrail::Trail" Properties: S3BucketName: !Ref BucketName S3KeyPrefix: "Uluru" IsLogging: true TrailName: !Ref TrailName EnableLogFileValidation: true IncludeGlobalServiceEvents: true IsMultiRegionTrail: true KMSKeyId: alias/MyAliasName expectations: rules: CLOUD_TRAIL_ENABLED: PASS - name: CloudTrail Trail IsLogging set false, FAIL input: Resources: ExampleTrail: Type: "AWS::CloudTrail::Trail" Properties: S3BucketName: !Ref BucketName S3KeyPrefix: "Uluru" IsLogging: false TrailName: !Ref TrailName EnableLogFileValidation: false IncludeGlobalServiceEvents: true IsMultiRegionTrail: true KMSKeyId: alias/MyAliasName expectations: rules: CLOUD_TRAIL_ENABLED: FAIL - name: CloudTrail Trail IsLogging property missing, FAIL input: Resources: ExampleTrail: Type: AWS::CloudTrail::Trail Properties: S3BucketName: !Ref BucketName S3KeyPrefix: "Uluru" TrailName: !Ref TrailName IncludeGlobalServiceEvents: true IsMultiRegionTrail: true expectations: rules: CLOUD_TRAIL_ENABLED: FAIL - name: CloudTrail Trail IsLogging property missing but rule suppressed, SKIP input: Resources: ExampleTrail: Type: AWS::CloudTrail::Trail Metadata: guard: SuppressedRules: - CLOUD_TRAIL_ENABLED Properties: S3BucketName: !Ref BucketName S3KeyPrefix: "Uluru" TrailName: !Ref TrailName IncludeGlobalServiceEvents: true IsMultiRegionTrail: true expectations: rules: CLOUD_TRAIL_ENABLED: SKIP