turbot/steampipe-mod-aws-compliance

Control: At least one CloudTrail trail should be enabled in the AWS account

Description

Ensure that at least one CloudTrail trail is enabled in the AWS account. CloudTrail is the record of API activity in the account; without a logging trail there is nothing to alert on and nothing to reconstruct during an investigation. The control reports ok when the account has at least one trail whose status is logging (is_logging), counting each trail once in its home region so that a multi-region trail, which is returned for every region, is not counted several times. It does not require the trail to be multi-region or to have log file validation enabled, so a single-region trail that is logging is enough to pass.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cloudtrail_trail_enabled_account

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cloudtrail_trail_enabled_account --share

SQL

This control uses a named query:

with trails_enabled_account as (
  select
    account_id,
    count(*) as num
  from
    aws_cloudtrail_trail
  where
    home_region = region
    and is_logging
  group by
    account_id
)
select
  a.arn as resource,
  case
    when b.num > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when b.num > 0 then a.title || ' has ' || b.num || ' trails enabled.'
    else a.title || ' has no trail enabled.'
  end as reason,
  a.region,
  a.account_id
from
  aws_account as a
  left join trails_enabled_account b on a.account_id = b.account_id;
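The query above only tells you whether an account has a logging trail, not which one, and the reason the `home_region = region` filter is there is easy to miss. The following query is an added example, not part of the mod, that shows per account the raw row count from aws_cloudtrail_trail next to the deduplicated count, which trails actually satisfy the control, and whether any of them is multi-region. It assumes a Steampipe connection with the AWS plugin; the columns used (account_id, region, name, home_region, is_logging, is_multi_region_trail, log_file_validation_enabled) are those of the aws_cloudtrail_trail table.

```sql
-- Added example (not the mod's own query): inspect what the control counts.
-- aws_cloudtrail_trail returns a multi-region trail once per region, so
-- raw_rows overcounts; restricting to home_region = region counts each trail once.
select
  account_id,
  count(*) as raw_rows,
  count(*) filter (where home_region = region) as distinct_trails,
  count(*) filter (where home_region = region and is_logging) as logging_trails,
  count(*) filter (
    where home_region = region and is_logging and is_multi_region_trail
  ) as multi_region_logging_trails,
  count(*) filter (
    where home_region = region and is_logging and log_file_validation_enabled
  ) as validated_logging_trails,
  -- names of the trails that make the control pass for this account
  string_agg(name, ', ' order by name) filter (
    where home_region = region and is_logging
  ) as logging_trail_names
from
  aws_cloudtrail_trail
group by
  account_id
order by
  account_id;
```

An account with logging_trails > 0 passes the control; if multi_region_logging_trails is 0 for that account, it passes on a single-region trail and activity in other regions is not being captured, which is worth following up even though this control will not flag it.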

Tags