in subfunctions/ALE_single_account.py [0:0]
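def check_cloudtrail(account_number, unique_end):
    """Ensure the account has a CloudTrail trail, creating one if none exists.

    Calls DescribeTrails (shadow trails included). When no trail is returned,
    creates a multi-region trail with log file validation enabled, tags it
    with ``workflow=assisted-log-enabler`` and starts logging.

    Args:
        account_number: AWS account ID, used in the trail and bucket names.
        unique_end: Suffix that completes the log collection bucket name.

    Returns:
        None. Any exception is logged and swallowed, so callers cannot tell
        from the return value whether a trail ended up enabled.
    """
    logging.info("Checking to see if CloudTrail is on, and will activate if needed.")
    try:
        logging.info("DescribeTrails API Call")
        cloudtrail_status = cloudtrail.describe_trails(
            includeShadowTrails=True
        )
        trail_list = cloudtrail_status["trailList"]
        # An account without trails returns an empty list. Indexing [0]
        # directly raised IndexError there, which the handler below only
        # logged, so the trail was never created in the one case this
        # function exists for. The empty-name test is kept for compatibility.
        if not trail_list or trail_list[0]["Name"] == "":
            logging.info("CreateTrail API Call")
            # NOTE(review): assumes this bucket already exists and that its
            # bucket policy lets CloudTrail write to it -- confirm against
            # the caller that creates the bucket.
            cloudtrail_activate = cloudtrail.create_trail(
                Name='assisted-log-enabler-ct-' + account_number,
                S3BucketName="aws-log-collection-" + account_number + "-" + region + "-" + unique_end,
                S3KeyPrefix='cloudtrail',
                IsMultiRegionTrail=True,
                # Digest files let later tampering with delivered logs be detected.
                EnableLogFileValidation=True
            )
            cloudtrail_name = cloudtrail_activate["Name"]
            cloudtrail_arn = cloudtrail_activate["TrailARN"]
            logging.info("AddTags API Call")
            cloudtrail.add_tags(
                ResourceId=cloudtrail_arn,
                TagsList=[
                    {
                        'Key': 'workflow',
                        'Value': 'assisted-log-enabler'
                    },
                ]
            )
            # CreateTrail alone does not record events; logging must be started.
            logging.info("StartLogging API Call")
            cloudtrail.start_logging(
                Name=cloudtrail_name
            )
            logging.info("Trail " + cloudtrail_name + " is created and active.")
            return
        else:
            # NOTE(review): DescribeTrails reports trails whether or not they
            # are logging, so a stopped trail also lands here. Confirming that
            # events are being recorded needs GetTrailStatus (IsLogging) per
            # trail; this function does not check it.
            logging.info("There is a CloudTrail trail active. No action needed.")
            return
    except Exception as exception_handle:
        # Best-effort by design: the failure is logged, never raised.
        logging.error(exception_handle)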