Action trail logging for all regions disabled

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Action trail logging for all regions disabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: c065b98e-1515-4991-9dca-b602bd6a2fbb

Cloud Provider: Alicloud

Platform: Terraform

Severity: Medium

Category: Observability

Learn More

Provider Reference

Description

ActionTrail logging must be enabled for all regions. This rule checks that each alicloud_actiontrail_trail resource:

Includes the oss_bucket_name attribute
Sets both event_rw and trail_region attributes to All

Missing attributes trigger a MissingAttribute issue. Incorrect values trigger an IncorrectValue issue, with suggested remediation to add or correct the attribute.

Compliant Code Examples

resource "alicloud_actiontrail_trail" "actiontrail1" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "All"
  trail_region       = "All"
}

Non-Compliant Code Examples

resource "alicloud_actiontrail_trail" "actiontrail7" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Write"
  trail_region       = "cn-beijing"
}

resource "alicloud_actiontrail_trail" "actiontrail3" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Read"
  trail_region       = "cn-hangzhou"
}

resource "alicloud_actiontrail_trail" "actiontrail4" {
  trail_name         = "action-trail"
  oss_write_role_arn = "acs:ram::1182725xxxxxxxxxxx"
  oss_bucket_name    = "bucket_name"
  event_rw           = "Write"
  trail_region       = "cn-hangzhou"
}