terraform-aws-control_tower_account_factory

CloudTrail Data Events S3 bucket is created even if aft_feature_cloudtrail_data_events is set to false

Open agnasillo opened this issue 1 year ago • 1 comments

Terraform Version & Prov:

AFT Version: 1.12.0 (Can be found in the AFT Management Account in the SSM Parameter /aft/config/aft/version)

Terraform Version & Provider Versions: Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

1.6.0

terraform providers

hashicorp/aws = 5.21.0

Bug Description: S3 bucket aws-aft-logs-${ACCOUNT-ID}-${REGION} is created even if aft_feature_cloudtrail_data_events is set to false

To Reproduce: Steps to reproduce the behavior:

  1. Set aft_feature_cloudtrail_data_events as false for aws-ia/control_tower_account_factory/aws module.
  2. Log in to the AFT Management account.
  3. See that S3 bucket aws-aft-logs-${ACCOUNT-ID}-${REGION} exists, e.g. aws-aft-logs-11111111111-us-east-1 is created.

Expected behavior: Bucket should not be created and remain empty if user opts out of cloudtrail data events feature.

Related Logs: N/A

Additional context: N/A

agnasillo, Jun 07 '24 16:06

@anasillo thank you for reporting this. I will create an internal backlog to address this.

snebhu3, Jun 21 '24 21:06