fix(cloudtrail): emit error if trailName is not set for organization trail

[sarisia]

This PR is based on #30490 and I'll rebase this once it is merged

Issue # (if applicable)

no open issue

Reason for this change

Organization trail without trailName attaches improper s3 bucket policy which allows trail name undefined to send logs.

                        {
                            "Action": "s3:PutObject",
                            "Condition": {
                                "StringEquals": {
                                    "s3:x-amz-acl": "bucket-owner-full-control",
                                    "aws:SourceArn": {
                                        "Fn::Join": [
                                            "",
                                            [
                                                "arn:",
                                                {
                                                    "Ref": "AWS::Partition"
                                                },
                                                ":cloudtrail:us-east-1:123456789012:trail/undefined"
                                            ]
                                        ]
                                    }
                                }
                            },
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "cloudtrail.amazonaws.com"
                            },
                            "Resource": {
                                "Fn::Join": [
                                    "",
                                    [
                                        {
                                            "Fn::GetAtt": [
                                                "TrailS30071F172",
                                                "Arn"
                                            ]
                                        },
                                        "/AWSLogs/o-xxxxxxxxx/*"
                                    ]
                                ]
                            }
                        }

Description of changes

• make trailName required if isOrganizationTrail is set

Description of how you validated changes

• Added unit test

Checklist

• [x] My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 09ce4b7c853ef28f57bd4a1608b49927becfd267
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[sarisia]

Could someone please review #30490 first? Thanks

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.