Change default for logging in CloudTrail to true

The default for `enable_logging`, which defines whether CloudTrail
actually logs events, was originally written as defaulting to `false`,
since that's how AWS creates trails.

`true` is likely a better default for Terraform users.

Changed the default and updated the docs.
Changed the acceptance tests to verify new default behavior.
Paul Forman 2015-11-22 10:47:23 -07:00
parent c9eeb161e0
commit 484887c0c5
3 changed files with 9 additions and 8 deletions


@ -25,7 +25,7 @@ func resourceAwsCloudTrail() *schema.Resource {
"enable_logging": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
Default: true,
},
"s3_bucket_name": &schema.Schema{
Type: schema.TypeString,
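Review bot: Flipping `Default: false` to `Default: true` on `enable_logging` changes the planned value for every existing configuration that omits the attribute, so the next plan for those trails will show a diff and turn logging on. That is the safer direction for an audit trail, but it is a behaviour change and should get a changelog or upgrade note. The create path is not part of this hunk; since the commit message says AWS creates trails with logging off, please confirm the resource explicitly starts logging after create when the value is `true`.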


@ -51,23 +51,23 @@ func TestAccAWSCloudTrail_enable_logging(t *testing.T) {
Config: testAccAWSCloudTrailConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
// This is a warning test. AWS sets up new trails with logging disabled
// Should that change in the future, this test should fail.
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
// AWS will create the trail with logging turned off.
// Test that "enable_logging" default works.
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail),
),
},
resource.TestStep{
Config: testAccAWSCloudTrailConfigModified,
Check: resource.ComposeTestCheckFunc(
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail),
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
),
},
resource.TestStep{
Config: testAccAWSCloudTrailConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail),
),
},
},
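Review bot: The first step's `testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail)` only tests the default as long as `testAccAWSCloudTrailConfig` leaves `enable_logging` unset, and that config is not visible in this hunk. Please say so in the comment above the check (for example "config omits enable_logging; expect the provider default of true"), so a later edit to the config does not silently turn this into a test of an explicit value.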
@ -193,7 +193,7 @@ resource "aws_cloudtrail" "foobar" {
s3_bucket_name = "${aws_s3_bucket.foo.id}"
s3_key_prefix = "/prefix"
include_global_service_events = false
enable_logging = true
enable_logging = false
}
resource "aws_s3_bucket" "foo" {
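Review bot: With `enable_logging = false` now in the modified config, the test steps cover the default and an explicit `false`, but none of the lines shown sets `enable_logging = true` explicitly. Consider adding a config or step with an explicit `true` so the explicit-enable path is tested separately from the default.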


@ -64,7 +64,8 @@ The following arguments are supported:
endpoint to assume to write to a users log group.
* `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN),
that represents the log group to which CloudTrail logs will be delivered.
* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `false`.
* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `true`.
Setting this to `false` will pause logging.
* `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
from global services such as IAM to the log files. Defaults to `true`.
* `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic
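Review bot: The new `enable_logging` entry says "Defaults to `true`" and "Setting this to `false` will pause logging", but it does not mention that this default differs from how AWS itself creates trails, which the commit message gives as the reason for the old value. A short sentence stating that would help users comparing Terraform-managed trails with console-created ones. It would also be worth saying what "pause" means for the audit record, namely that no events are recorded by the trail while the value is `false`, since that gap is what a reviewer of a configuration change needs to know.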