turbot/alicloud_thrifty
Loading controls...

Control: Redundant enabled global ActionTrail trails should be reviewed

Description

Your ActionTrail trails in each account are charged based on the billing policies of an Object Storage Service (OSS) bucket or a Log Service Logstore.

Usage

Run the control in your terminal:

powerpipe control run alicloud_thrifty.control.actiontrail_multiple_global_trails

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_thrifty.control.actiontrail_multiple_global_trails --share

Steampipe Tables

SQL

with global_trails as (
select
count(*) as total
from
alicloud_action_trail
where
trail_region = 'All'
and status = 'Enable'
)
select
'acs:actiontrail:' || home_region || ':' || account_id || ':actiontrail/' || name as resource,
case
when total > 1 then 'alarm'
else 'ok'
end as status,
case
when total > 1 then name || ' is one of ' || total || ' global trails.'
else name || ' is the only global trail.'
end as reason,
account_id,
region
from
alicloud_action_trail,
global_trails
where
trail_region = 'All'
and status = 'Enable';

Tags