diff --git a/builtin/providers/aws/resource_aws_cloudtrail_test.go b/builtin/providers/aws/resource_aws_cloudtrail_test.go index 10ed17a5b..7bf76219b 100644 --- a/builtin/providers/aws/resource_aws_cloudtrail_test.go +++ b/builtin/providers/aws/resource_aws_cloudtrail_test.go @@ -39,6 +39,39 @@ func TestAccAWSCloudTrail_basic(t *testing.T) { }) } +func TestAccAWSCloudTrail_enable_logging(t *testing.T) { + var trail cloudtrail.Trail + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCloudTrailDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudTrailConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail), + ), + }, + resource.TestStep{ + Config: testAccAWSCloudTrailConfigModified, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail), + ), + }, + resource.TestStep{ + Config: testAccAWSCloudTrailConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail), + ), + }, + }, + }) +} + func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] 
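Review bot: The first and third steps of `TestAccAWSCloudTrail_enable_logging` assert `testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail)` against `testAccAWSCloudTrailConfig`, which pins a behaviour where a trail that presumably omits `enable_logging` is created but records nothing. For an audit-log resource this is a risky default, because a configuration that looks complete applies cleanly and leaves API activity unrecorded until someone checks the trail status. Consider defaulting the argument to `true` and having this test switch logging off explicitly. Failing that, add a comment above the test such as `// A trail that omits enable_logging is expected to exist with logging stopped.` so the expectation is deliberate and visible. The resource schema is outside this hunk, so the default is inferred from these assertions and from the documentation change in the same commit.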
@@ -63,6 +96,30 @@ func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.Te } } +func testAccCheckCloudTrailLoggingEnabled(n string, desired bool, trail *cloudtrail.Trail) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn + params := cloudtrail.GetTrailStatusInput{ + Name: aws.String(rs.Primary.ID), + } + resp, err := conn.GetTrailStatus(¶ms) + + if err != nil { + return err + } + if *resp.IsLogging != desired { + return fmt.Errorf("Logging status is incorrect") + } + + return nil + } +} + func testAccCheckAWSCloudTrailDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn @@ -134,6 +191,7 @@ resource "aws_cloudtrail" "foobar" { s3_bucket_name = "${aws_s3_bucket.foo.id}" s3_key_prefix = "/prefix" include_global_service_events = false + enable_logging = true } resource "aws_s3_bucket" "foo" { diff --git a/website/source/docs/providers/aws/r/cloudtrail.html.markdown b/website/source/docs/providers/aws/r/cloudtrail.html.markdown index d4ba604fc..0f21f4670 100644 --- a/website/source/docs/providers/aws/r/cloudtrail.html.markdown +++ b/website/source/docs/providers/aws/r/cloudtrail.html.markdown @@ -16,6 +16,7 @@ resource "aws_cloudtrail" "foobar" { name = "tf-trail-foobar" s3_bucket_name = "${aws_s3_bucket.foo.id}" s3_key_prefix = "/prefix" + enable_logging = true include_global_service_events = false } 
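Review bot: `*resp.IsLogging` in `testAccCheckCloudTrailLoggingEnabled` is dereferenced without a nil check, so a status response that lacks the field would panic the test run instead of failing the step. `if resp.IsLogging == nil || *resp.IsLogging != desired {` avoids that. The failure message also carries no detail; `return fmt.Errorf("Expected logging status %t for trail %s", desired, n)` would name the trail and the expected state. The `trail` parameter is never read inside the closure, so it could be dropped from the signature, or a comment could note that it is kept only for symmetry with `testAccCheckCloudTrailExists`.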
@@ -63,6 +64,7 @@ The following arguments are supported: endpoint to assume to write to a user’s log group. * `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered. +* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `false`. * `include_global_service_events` - (Optional) Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`. * `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic