aws_cloudtrail_trails

Use the aws_cloudtrail_trails InSpec audit resource to test properties of a collection of AWS CloudTrail Trails.

Syntax

An aws_cloudtrail_trails resource block returns all CloudTrail Trails and allows the testing of those trails.

describe aws_cloudtrail_trails do
  it { should exist }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on Auto Scaling Group.

Properties

Property Description
trail_arns Specifies the ARNs of the trails.
names The names of the trails.
entries Provides access to the raw results of the query, which can be treated as an array of hashes.

Examples

Ensure a CloudTrail with a specific name exists
describe aws_cloudtrail_trails do
  its('names') { should include('trail-1') }
end
Ensure a CloudTrail with a specific arn exists
describe aws_cloudtrail_trails do
  its('trail_arns') { should include('arn:aws:cloudtrail:us-east-1::trail/trail-1') }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudtrail_trails do
  it { should exist }
end

describe aws_cloudtrail_trails do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the cloudtrail:DescribeTrails action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for AWS CloudTrail.