Control: Redundant enabled global ActionTrail trails should be reviewed
Description
Your ActionTrail trails in each account are charged based on the billing policies of an Object Storage Service (OSS) bucket or a Log Service Logstore.
Usage
Run the control in your terminal:
powerpipe control run alicloud_thrifty.control.actiontrail_multiple_global_trails
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_thrifty.control.actiontrail_multiple_global_trails --share
Steampipe Tables
SQL
with global_trails as ( select count(*) as total from alicloud_action_trail where trail_region = 'All' and status = 'Enable')select 'acs:actiontrail:' || home_region || ':' || account_id || ':actiontrail/' || name as resource, case when total > 1 then 'alarm' else 'ok' end as status, case when total > 1 then name || ' is one of ' || total || ' global trails.' else name || ' is the only global trail.' end as reason , account_id, regionfrom alicloud_action_trail, global_trailswhere trail_region = 'All' and status = 'Enable';