Finding & Appending bucket to Cloudtrail logging

Question

A co-worker created and setup a working Cloudtrail logger:

resource "aws_cloudtrail" "cloudtrail" {                                       
  name                          = "logger"
  s3_bucket_name                = "bucket-name"
  include_global_service_events = true
  enable_logging                = true
  is_multi_region_trail         = true
  enable_log_file_validation    = true
}

Now i've created a bucket, and when I go to the AWS GUI I can see "logger" as an option for the bucket object level logging. However when I create the bucket with terraform for the life of me I cannot figure out how to "find" this cloudtrail, and then once I find it append this bucket to the logger.

Answer 1

CloudTrail has two main type of events: * Management events: which in S3's case is bucket-level operations, and * Data events: which in S3's case is object-level operations.

Given that you need new buckets created with object-level logging turned on, then you need to create a CloudTrail Trail with data events enabled.

According to terraform's documentation you need to enable data events separately.

(From CloudTrail's documentation, data events are enabled through PutEventSelectors.)

From their documentation, this would be a more appropriate CloudTrail configuration to enable S3 object level logging on all S3 buckets:

resource "aws_cloudtrail" "cloudtrail" {                                       
  name                          = "logger"
  s3_bucket_name                = "bucket-name"
  include_global_service_events = true
  enable_logging                = true
  is_multi_region_trail         = true
  enable_log_file_validation    = true

  event_selector {
    read_write_type           = "All" # Include read and write events
    include_management_events = true  # Include management events as well

    data_resource {
      type = "AWS::S3::Object"
      values = ["arn:aws:s3:::"]
    }
  }
}