Fugue.AWS.CloudTrail.Compliance

Module Members

allRegionsLoggingEnabled

(Function)

Check that there is a multi-region trail with logging enabled and log file validation enabled.

Type Signature

 fun { references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (NodeStream) -> Validation

hasEncryptionKey

(Function)

Check that an encryption key is set on the CloudTrail trail. This protects “data at rest”.

Type Signature

 fun { references: Optional<List<String>> } -> fun (Trail) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Trail) -> Validation

logsToCloudWatch

(Function)

Check that the CloudTrail trail is associated with a CloudWatch log group.

Type Signature

 fun { references: Optional<List<String>> } -> fun (Trail) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Trail) -> Validation

s3TargetAccessLoggingEnabled

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (Trail) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Trail) -> Validation

s3TargetPrivate

(Function)

Check that the target bucket of a CloudTrail trail has an ACL that makes it inaccessible to other accounts and to the public.

This does not currently check inline policies.

Type Signature

 fun { references: Optional<List<String>> } -> fun (Trail) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (Trail) -> Validation

specificRegionsLoggingEnabled

(Function)

This is a version of allRegionsLoggingEnabled that does not require a trail with multi-region enabled. However, you do need to specify all the regions that you care about yourself.

Example:

import Fugue.AWS.Region
import Fugue.AWS.CloudTrail.Compliance

validate Fugue.AWS.CloudTrail.Compliance.specificRegionsLoggingEnabled {
  regions: [Fugue.AWS.Region.Us-east-1]
}

Type Signature

 fun { regions: List<Region>,
       references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: regions
Type: List<Region>
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun (NodeStream) -> Validation
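
The conditions behind allRegionsLoggingEnabled and specificRegionsLoggingEnabled, as an added Python example; it is not Fugue's implementation and not code from this module. It runs over constructed records shaped like CloudTrail DescribeTrails output merged with IsLogging from GetTrailStatus, and it assumes the per-region variant keeps the same logging and log file validation conditions; all function names are hypothetical.

```python
# Constructed sample: each record merges fields from CloudTrail DescribeTrails
# (Name, HomeRegion, IsMultiRegionTrail, LogFileValidationEnabled) with
# IsLogging from GetTrailStatus. Not real account data.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "LogFileValidationEnabled": False, "IsLogging": True},
    {"Name": "east-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "LogFileValidationEnabled": True, "IsLogging": True},
    {"Name": "west-trail", "HomeRegion": "us-west-2", "IsMultiRegionTrail": False,
     "LogFileValidationEnabled": True, "IsLogging": False},
]


def _healthy(trail):
    """A trail counts only if it is recording and validating its log files."""
    return bool(trail.get("IsLogging")) and bool(trail.get("LogFileValidationEnabled"))


def all_regions_logging_enabled(trails):
    """Return names of multi-region trails with logging and validation on."""
    return [t["Name"] for t in trails if t.get("IsMultiRegionTrail") and _healthy(t)]


def specific_regions_logging_enabled(trails, regions):
    """Map each requested region to the healthy trails that cover it.

    Assumption: a single-region trail covers only its HomeRegion, and a
    multi-region trail covers every requested region.
    """
    coverage = {}
    for region in regions:
        coverage[region] = [
            t["Name"] for t in trails
            if _healthy(t) and (t.get("IsMultiRegionTrail") or t.get("HomeRegion") == region)
        ]
    return coverage


def uncovered_regions(trails, regions):
    """Regions from the caller's list that no healthy trail covers."""
    coverage = specific_regions_logging_enabled(trails, regions)
    return [r for r in regions if not coverage[r]]


if __name__ == "__main__":
    print("multi-region pass:", all_regions_logging_enabled(SAMPLE_TRAILS))
    print("uncovered:", uncovered_regions(SAMPLE_TRAILS, ["us-east-1", "us-west-2"]))
```

In the sample, the multi-region trail fails because log file validation is off, and us-west-2 is uncovered because its only trail exists but is not logging.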