We're currently getting a false positive from the CloudTrail Enabled plugin regarding not having global services enabled.
Context
We have multiple active trails in our AWS account that get funneled to different downstream services. In order to avoid getting repeated global services events from every trail, only 1 trail in our account has IncludeGlobalServiceEvents enabled. The plugin check currently breaks out of the for-loop after finding the first trail that is enabled (isLogging = true). Because of this it is not able to tell that another trail in describeTrails.data does indeed have global services enabled and misreports the configuration error.
Mav55
commented
6 years ago
Issue
We're currently getting a false positive from the CloudTrail Enabled plugin regarding not having global services enabled.
Context
We have multiple active trails in our AWS account that get funneled to different downstream services. In order to avoid getting repeated global services events from every trail, only 1 trail in our account has
IncludeGlobalServiceEventsenabled. The plugin check currently breaks out of the for-loop after finding the first trail that is enabled (isLogging = true). Because of this it is not able to tell that another trail indescribeTrails.datadoes indeed have global services enabled and misreports the configuration error.