Create CloudTrail trail with Log group

[khaitranhq]

trafficstars

Describe what happened

When creating an AWS CloudTrail trail with the CloudWatch Logs integration enabled, the specified log group is successfully created, but no logs are being delivered to it. There is nothing in CloudWatch Logs section in Trail page.

Sample program

import * as awsx from '@pulumi/awsx';

new awsx.cloudtrail.Trail('trail', {
  cloudWatchLogsGroup: {
    args: {
      retentionInDays: 7,
      skipDestroy: false
    },
    enable: true
  },
  enableLogging: true,
  name: 'trail',
  s3Bucket: {
    args: {
      forceDestroy: true
    }
  }
});

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

Version      3.204.0
Go Version   go1.25.3
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  aws           7.10.0
resource  awsx          3.0.1
resource  docker        4.9.0
resource  docker        3.6.1
resource  docker-build  0.0.14
language  nodejs        3.204.0

Host
OS       ubuntu
Version  22.04
Arch     x86_64

This project is written in nodejs: executable='/home/***/.local/share/nvm/v22.16.0/bin/node' version='v22.16.0'

Current Stack: organization/alarm-access-pending-deletion-kms-key/dev

TYPE                              URN
pulumi:pulumi:Stack               urn:pulumi:dev::alarm-access-pending-deletion-kms-key::pulumi:pulumi:Stack::alarm-access-pending-deletion-kms-key-dev
pulumi:providers:awsx             urn:pulumi:dev::alarm-access-pending-deletion-kms-key::pulumi:providers:awsx::default_3_0_1
awsx:cloudtrail:Trail             urn:pulumi:dev::alarm-access-pending-deletion-kms-key::awsx:cloudtrail:Trail::trail
pulumi:providers:aws              urn:pulumi:dev::alarm-access-pending-deletion-kms-key::pulumi:providers:aws::default_7_7_0
aws:cloudwatch/logGroup:LogGroup  urn:pulumi:dev::alarm-access-pending-deletion-kms-key::awsx:cloudtrail:Trail$aws:cloudwatch/logGroup:LogGroup::trail
aws:s3/bucket:Bucket              urn:pulumi:dev::alarm-access-pending-deletion-kms-key::awsx:cloudtrail:Trail$aws:s3/bucket:Bucket::trail
aws:s3/bucketPolicy:BucketPolicy  urn:pulumi:dev::alarm-access-pending-deletion-kms-key::awsx:cloudtrail:Trail$aws:s3/bucketPolicy:BucketPolicy::trail
aws:cloudtrail/trail:Trail        urn:pulumi:dev::alarm-access-pending-deletion-kms-key::awsx:cloudtrail:Trail$aws:cloudtrail/trail:Trail::trail
pulumi:providers:pulumi           urn:pulumi:dev::alarm-access-pending-deletion-kms-key::pulumi:providers:pulumi::default


Found no pending operations associated with dev

Backend
Name           *****
URL            s3://*****
User           *****
Organizations
Token type     personal

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[Graham-Pedersen]

Hmmm are we sure this is a Pulumi error vs a configuration error with the cloudtrail is being set up? Can you investigate and try to manually get it to work through the console and see what steps needed to be taken?

After that we can work together to see if it was something that the Pulumi program was missing, or if there is something the provider is doing strangely.

Thanks for posting this and hopefully we can get you unblocked soon!

[khaitranhq]

After running the Pulumi code above, CloudWatch Logs are not enabled. To proceed, I need to manually enable logging and specify the appropriate log group and IAM role. Also, I see that the CloudWatch log group was still created successfully

[corymhall]

@khaitranhq thanks for reporting this, I've created a PR to fix the issue.

[pulumi-bot]

This issue has been addressed in PR #1763 and shipped in release v3.1.0.

[pulumi-bot]

This issue has been addressed in PR #1763 and shipped in release v3.1.0.