Action trail logging for all regions disabled

Este producto no es compatible con el sitio Datadog seleccionado. ().
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Metadata

Id: c065b98e-1515-4991-9dca-b602bd6a2fbb

Cloud Provider: Alicloud

Platform: Terraform

Severity: Medium

Category: Observability

Learn More

Description

ActionTrail logging must be enabled for all regions. This rule checks that each alicloud_actiontrail_trail resource:

  • Includes the oss_bucket_name attribute
  • Sets both event_rw and trail_region attributes to All

Missing attributes trigger a MissingAttribute issue. Incorrect values trigger an IncorrectValue issue, with suggested remediation to add or correct the attribute.

Compliant Code Examples

resource "alicloud_actiontrail_trail" "actiontrail1" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "All"
  trail_region       = "All"
}

Non-Compliant Code Examples

resource "alicloud_actiontrail_trail" "actiontrail7" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Write"
  trail_region       = "cn-beijing"
}

resource "alicloud_actiontrail_trail" "actiontrail3" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Read"
  trail_region       = "cn-hangzhou"
}

resource "alicloud_actiontrail_trail" "actiontrail4" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Write"
  trail_region       = "cn-hangzhou"
}