v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_thrifty
Overview
18Dashboards
51Controls
0Queries
29Variables
GitHub

Control: Are there redundant global CloudTrail trails?

Description

Your first cloudtrail in each account is free, additional trails are expensive.

Usage

Run the control in your terminal:

powerpipe control run aws_thrifty.control.multiple_global_trails

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_thrifty.control.multiple_global_trails --share

Steampipe Tables

aws_cloudtrail_trail
Amazon Web Services plugin

SQL

with global_trails as (
  select
    account_id,
    count(*) as total
  from
    aws_cloudtrail_trail
  where
    is_multi_region_trail and region = home_region
  group by
    account_id,
    is_multi_region_trail
)
select
  arn as resource,
  case
    when total > 1 then 'alarm'
    else 'ok'
  end as status,
  case
    when total > 1 then name || ' is one of ' || total || ' global trails.'
    else name || ' is the only global trail.'
  end as reason
  
  , t.region, t.account_id
from
  aws_cloudtrail_trail as t,
  global_trails
where
  is_multi_region_trail
  and region = home_region;

Tags

category = Cost
class = managed
plugin = aws
service = AWS/CloudTrail