---
title: CloudTrail SNS topic name undefined
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > CloudTrail SNS topic name undefined
---

# CloudTrail SNS topic name undefined

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `terraform-aws-cloudtrail-sns-topic-name-undefined` 

**Provider:** AWS

**Platform:** Terraform

**Severity:** Low

**Category:** Observability

#### Learn More{% #learn-more %}

- [Provider Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail)

### Description{% #description %}

This check verifies whether an Amazon CloudTrail resource is configured to send logs to an SNS topic by setting the `sns_topic_name` attribute. Without specifying `sns_topic_name`, CloudTrail will not publish notifications of log file delivery events to Amazon SNS, which could result in missed alerts or delayed incident response. To address this, you should configure CloudTrail with an SNS topic, as shown below:

```
resource "aws_cloudtrail" "example" {
  // ... other configuration ...
  sns_topic_name = "some-topic"
}
```

## Compliant Code Examples{% #compliant-code-examples %}

```terraform
resource "aws_cloudtrail" "negative1" {
  # ... other configuration ...

  sns_topic_name = "some-topic"
}
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```terraform
resource "aws_cloudtrail" "positive1" {
  # ... other configuration ...
}

resource "aws_cloudtrail" "positive2" {
  # ... other configuration ...

  sns_topic_name = null
}
```