
CloudTrailConfig Type

High-level CloudTrail builder following AWS security best practices.

**Default Security Settings:**

- IsMultiRegionTrail = true (captures events from all regions, so activity in an unused region is still recorded)
- IncludeGlobalServiceEvents = true (includes events from global services such as IAM, STS and CloudFront)
- EnableFileValidation = true (enables log file integrity validation, so modification or deletion of delivered log files can be detected)
- ManagementEvents = ReadWriteType.ALL (logs all management events, both read and write)
- SendToCloudWatchLogs = true (enables CloudWatch Logs integration for near-real-time monitoring and alerting)

**Rationale:**

CloudTrail records AWS API calls (management events by default; S3 object-level and other data events must be enabled separately), which is critical for:

- Security incident investigation and forensics
- Compliance requirements (HIPAA, PCI-DSS, SOC 2, GDPR)
- Detecting unauthorized access or privilege escalation
- Meeting AWS Well-Architected Framework security pillar requirements

Per "Security as Code" (O'Reilly): "Log all API calls with CloudTrail. This is non-negotiable for security monitoring."

**Note on Costs:** The first copy of management events delivered by a trail is free. Additional trails delivering the same management events, and any data events, incur charges. CloudWatch Logs integration adds ingestion and storage costs but provides real-time monitoring capabilities.

Record fields

- CloudWatchLogsRetention (Field type: RetentionDays option)
- ConstructId (Field type: string option)
- EnableFileValidation (Field type: bool option)
- IncludeGlobalServiceEvents (Field type: bool option)
- IsMultiRegionTrail (Field type: bool option)
- IsOrganizationTrail (Field type: bool option)
- ManagementEvents (Field type: ReadWriteType option)
- S3Bucket (Field type: IBucket option)
- SendToCloudWatchLogs (Field type: bool option)
- TrailName (Field type: string)

All fields except TrailName are optional; a field left as None takes the default listed above, so an explicit `Some false` (or `Some ReadWriteType.NONE`) is the only way to weaken a setting.
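The following is an added example, not code from the FsCDK page or project: it builds a CloudTrailConfig record using the fields listed above and then audits the record for explicit opt-outs before synthesis, so a pull request that quietly sets `IsMultiRegionTrail = Some false` is caught in CI. It assumes the record has exactly the fields listed on this page, that CloudTrailConfig lives in an `FsCDK` namespace (the page does not show the builder's entry-point syntax, so the record literal is used directly), and that ReadWriteType and RetentionDays are the CDK .NET enums from Amazon.CDK.AWS.CloudTrail and Amazon.CDK.AWS.Logs. The function and trail names are hypothetical.

```fsharp
// Added example (not FsCDK's own code). Assumes the CloudTrailConfig record
// has exactly the fields documented on this page and is exposed from FsCDK.
open Amazon.CDK.AWS.CloudTrail   // ReadWriteType (READ_ONLY, WRITE_ONLY, ALL, NONE)
open Amazon.CDK.AWS.Logs         // RetentionDays
open Amazon.CDK.AWS.S3           // IBucket (unused here; S3Bucket is left as None)
open FsCDK                       // assumed namespace of CloudTrailConfig

/// Secure baseline: every hardening field is None so the builder's documented
/// defaults apply (multi-region, global service events, file validation,
/// all management events, CloudWatch Logs integration). Organization-wide
/// trail and an explicit one-year CloudWatch Logs retention are set on top.
let baseline : CloudTrailConfig =
    { TrailName = "org-audit-trail"              // hypothetical name
      ConstructId = None
      S3Bucket = None                            // let the builder create the bucket
      IsMultiRegionTrail = None
      IncludeGlobalServiceEvents = None
      EnableFileValidation = None
      IsOrganizationTrail = Some true
      ManagementEvents = None
      SendToCloudWatchLogs = None
      CloudWatchLogsRetention = Some RetentionDays.ONE_YEAR }

/// Returns one finding per setting that weakens the audit trail. Only explicit
/// opt-outs are flagged: None inherits the secure default and is not a finding.
let auditTrailConfig (cfg: CloudTrailConfig) : string list =
    [ if cfg.IsMultiRegionTrail = Some false then
          yield "IsMultiRegionTrail=false: API activity in other regions is not recorded"
      if cfg.IncludeGlobalServiceEvents = Some false then
          yield "IncludeGlobalServiceEvents=false: IAM and STS events are lost"
      if cfg.EnableFileValidation = Some false then
          yield "EnableFileValidation=false: tampered or deleted log files cannot be detected"
      if cfg.ManagementEvents = Some ReadWriteType.NONE then
          yield "ManagementEvents=NONE: no API calls are recorded"
      if cfg.ManagementEvents = Some ReadWriteType.READ_ONLY then
          yield "ManagementEvents=READ_ONLY: write calls (policy changes, key creation) are not recorded"
      if cfg.SendToCloudWatchLogs = Some false then
          yield "SendToCloudWatchLogs=false: no near-real-time alerting on trail events"
      if cfg.SendToCloudWatchLogs <> Some false && cfg.CloudWatchLogsRetention = None then
          yield "CloudWatchLogsRetention unset: confirm the log group retention meets the compliance window" ]

/// Fail fast in a CI step: print every finding and return a non-zero exit code.
let enforce (cfg: CloudTrailConfig) : int =
    match auditTrailConfig cfg with
    | [] -> 0
    | findings ->
        findings |> List.iter (eprintfn "CloudTrail finding (%s): %s" cfg.TrailName)
        1

// A weakened copy of the baseline, as a pull request might introduce it.
let weakened =
    { baseline with
        IsMultiRegionTrail = Some false
        ManagementEvents = Some ReadWriteType.READ_ONLY }

// enforce baseline -> 0 (no findings)
// enforce weakened -> 1, with two findings printed to stderr
```

Run `enforce` against every CloudTrailConfig in the stack before `cdk synth`; because the check only flags `Some false` and `Some NONE`/`Some READ_ONLY`, leaving fields as None keeps the builder's defaults and passes cleanly.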
