multi-region-cloudtrail-enabled always fails #401

Open
pnutshellmenace opened this issue Jan 21, 2023 · 0 comments

Comments

@pnutshellmenace

Can't seem to get multi-region-cloudtrail-enabled to pass no matter what I do. The trail is configured as:

{
    "Name": "REDACTED",
    "S3BucketName": "REDACTED",
    "IncludeGlobalServiceEvents": true,
    "IsMultiRegionTrail": true,
    "HomeRegion": "us-east-1",
    "TrailARN": "REDACTED",
    "LogFileValidationEnabled": true,
    "CloudWatchLogsLogGroupArn": "REDACTED",
    "CloudWatchLogsRoleArn": "REDACTED",
    "KmsKeyId": "REDACTED",
    "HasCustomEventSelectors": true,
    "HasInsightSelectors": true,
    "IsOrganizationTrail": true
}

It is also configured to include management events, S3 data events, Lambda data events.

Trail status (from aws cloudtrail get-trail-status):

{
    "IsLogging": true,
    "LatestDeliveryTime": "2023-01-21T13:58:49.666000-05:00",
    "LatestNotificationTime": "2023-01-19T10:41:45.793000-05:00",
    "StartLoggingTime": "2023-01-19T10:25:48.120000-05:00",
    "LatestCloudWatchLogsDeliveryTime": "2023-01-21T14:00:23.026000-05:00",
    "LatestDigestDeliveryTime": "2023-01-21T13:45:44.749000-05:00",
    "LatestDeliveryAttemptTime": "2023-01-21T18:58:49Z",
    "LatestNotificationAttemptTime": "2023-01-21T18:43:20Z",
    "LatestNotificationAttemptSucceeded": "2023-01-19T15:41:45Z",
    "LatestDeliveryAttemptSucceeded": "2023-01-21T18:58:49Z",
    "TimeLoggingStarted": "2023-01-19T15:25:48Z",
    "TimeLoggingStopped": ""
}

Lines 215-216 in CLOUDTRAIL_ENABLED_V2.py contain this:

        if 'LatestDeliveryError' in trail_status:
            continue

That is my best guess as to where the NON_COMPLIANT result is coming from. I don't see LatestDeliveryError when I make an aws cloudtrail get-trail-status API call; it's not a property in the returned JSON (referenced above). I don't really understand the purpose of that logic to begin with. Why should LatestDeliveryError be in the status JSON? Shouldn't the expectation be that there isn't an error?

I'm not positive this is the reason for the failure, but it is the best I can tell from interpreting the code.
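The following is an added example for readers working through this issue; it is not the code of CLOUDTRAIL_ENABLED_V2.py or of the project that ships it. It evaluates (trail, status) pairs of the shape returned by describe_trails and get_trail_status and, unlike a bare COMPLIANT/NON_COMPLIANT result, reports which check each trail failed. The list of checks (multi-region, global service events, logging on, no LatestDeliveryError) is an assumption about what a rule of this name should require. It follows the quoted snippet in treating the mere presence of the LatestDeliveryError key as disqualifying: get_trail_status only includes that key when the most recent S3 delivery failed, so a healthy trail such as the one posted above has no such key and passes that check. The sample trails, ARNs and account ID are constructed; the fetch_trails helper is the only part that needs AWS credentials and is never called by the offline sample.

```python
"""Explainable evaluation of CloudTrail trails against a multi-region-trail rule.

Added example for this issue; not the project's rule code. The check list is an
assumption about what "multi-region CloudTrail enabled" should mean.
"""
from typing import Dict, List, Tuple

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


def trail_failures(trail: Dict, status: Dict) -> List[str]:
    """Return the reasons one trail does NOT satisfy the rule (empty list = ok).

    `trail`  is one element of describe_trails()["trailList"].
    `status` is the matching get_trail_status() response for that trail.
    """
    reasons: List[str] = []
    if not trail.get("IsMultiRegionTrail"):
        reasons.append("IsMultiRegionTrail is false")
    if not trail.get("IncludeGlobalServiceEvents"):
        reasons.append("IncludeGlobalServiceEvents is false")
    if not status.get("IsLogging"):
        reasons.append("IsLogging is false")
    # get_trail_status only carries LatestDeliveryError when the last S3
    # delivery failed, so the key's presence (not its value) is the signal.
    if "LatestDeliveryError" in status:
        reasons.append(f"LatestDeliveryError present: {status['LatestDeliveryError']}")
    return reasons


def evaluate(pairs: List[Tuple[Dict, Dict]]) -> Tuple[str, str]:
    """Account is COMPLIANT if at least one trail has no failures.

    Returns (compliance_type, annotation). On NON_COMPLIANT the annotation
    lists every trail with the checks it failed, so the verdict is debuggable.
    """
    notes: List[str] = []
    for trail, status in pairs:
        reasons = trail_failures(trail, status)
        name = trail.get("Name", "<unnamed>")
        if not reasons:
            return COMPLIANT, f"Trail {name} satisfies all checks"
        notes.append(f"{name}: {'; '.join(reasons)}")
    if not notes:
        return NON_COMPLIANT, "No trails configured"
    return NON_COMPLIANT, " | ".join(notes)


def fetch_trails(session) -> List[Tuple[Dict, Dict]]:
    """Collect (trail, status) pairs from a boto3.Session. Needs credentials;
    not exercised by the offline sample below."""
    ct = session.client("cloudtrail")
    pairs = []
    for trail in ct.describe_trails(includeShadowTrails=False)["trailList"]:
        pairs.append((trail, ct.get_trail_status(Name=trail["TrailARN"])))
    return pairs


# Constructed sample data (not real trails), modelled on the redacted trail
# and status posted in the issue. Account ID and ARNs are placeholders.
ORG_TRAIL = {
    "Name": "org-trail",
    "IncludeGlobalServiceEvents": True,
    "IsMultiRegionTrail": True,
    "HomeRegion": "us-east-1",
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
    "IsOrganizationTrail": True,
}
HEALTHY_STATUS = {
    "IsLogging": True,
    "LatestDeliveryTime": "2023-01-21T13:58:49.666000-05:00",
    "LatestDeliveryAttemptSucceeded": "2023-01-21T18:58:49Z",
    "TimeLoggingStopped": "",
}
# Same trail, but the last S3 delivery failed (constructed error string).
FAILED_DELIVERY_STATUS = dict(HEALTHY_STATUS, LatestDeliveryError="NoSuchBucket")
# A single-region trail that should never satisfy the rule on its own.
REGIONAL_TRAIL = dict(ORG_TRAIL, Name="regional-trail", IsMultiRegionTrail=False)


if __name__ == "__main__":
    for label, sample in [
        ("healthy org trail", [(ORG_TRAIL, HEALTHY_STATUS)]),
        ("delivery error + regional", [(ORG_TRAIL, FAILED_DELIVERY_STATUS),
                                       (REGIONAL_TRAIL, HEALTHY_STATUS)]),
        ("no trails", []),
    ]:
        print(label, "->", evaluate(sample))
```

Running the module prints one verdict per sample; when pointed at a real account via fetch_trails(boto3.Session()), the annotation tells you which of the four checks the trail in question trips, which is the information the issue is missing.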
