inspec · soumyo13 · Mar 30, 2023 · Feb 28, 2023 · Feb 28, 2023 · Mar 13, 2023
@@ -10,34 +10,36 @@ identifier = "inspec/resources/aws/aws_cloudtrail_trail Resource"
 parent = "inspec/resources/aws"
 +++
 
-Use the `aws_cloudtrail_trail` InSpec audit resource to test properties of a single AWS CloudTrail.
+Use the `aws_cloudtrail_trail` Chef InSpec audit resource to test properties of a single AWS CloudTrail trail.
 
 ## Installation
 
 {{% inspec_aws_install %}}
 
 ## Syntax
 
-An `aws_cloudtrail_trail` resource block identifies a trail by `trail_name`.
+An `aws_cloudtrail_trail` resource block identifies a trail by `TRAIL_NAME`.
+
+**Find a trail by name:**
 
-    # Find a trail by name
 ```ruby
-describe aws_cloudtrail_trail('trail-name') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should exist }
 end
 ```
 
-    # Hash syntax for trail name
+**Use hash syntax to find a trail by trail name:**
+
 ```ruby
-describe aws_cloudtrail_trail(trail_name: 'trail-name') do
+describe aws_cloudtrail_trail(trail_name: 'TRAIL_NAME') do
   it { should exist }
 end
 ```
 
 ## Parameters
 
 `trail_name` _(required)_
-: This resource expects a single parameter, the CloudTrail Name which uniquely identifies it.
+: This resource expects a single parameter, the CloudTrail name which uniquely identifies it.
   This can be passed either as a string or as a `trail_name: 'value'` key-value entry in a hash.
 
 See also the [AWS documentation on CloudTrail](https://docs.aws.amazon.com/cloudtrail/index.html#lang/en_us).
@@ -47,7 +49,7 @@ See also the [AWS documentation on CloudTrail](https://docs.aws.amazon.com/cloud
 `trail_arn`
 : Specifies the ARN of the trail.
 
-`trail_name`
+`TRAIL_NAME`
 : Name of the trail.
 
 `home_region`
@@ -65,102 +67,131 @@ See also the [AWS documentation on CloudTrail](https://docs.aws.amazon.com/cloud
 `kms_key_id`
 : Specifies the KMS key ID that encrypts the logs delivered by CloudTrail.
 
+`s3_key_prefix`
+: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.
+
+`is_organization_trail`
+: Specifies whether the trail is an organization trail. It returns boolean value.
+
 ## Examples
 
 **Test that the specified trail does exist.**
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should exist }
 end
 ```
 
 ```ruby
-describe aws_cloudtrail_trail(trail_name: 'my-cloudtrail') do
+describe aws_cloudtrail_trail(trail_name: 'TRAIL_NAME') do
   it { should exist }
 end
 ```
 
 **Check the KMS key used to encrypt.**
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
-  its('kms_key_id') { should eq "my-kms-key" }
+describe aws_cloudtrail_trail('TRAIL_NAME') do
+  its('kms_key_id') { should eq "KMS_KEY_ID" }
 end
 ```
 
-**Check the Home Region is correct.**
+**Check the home region is correct.**
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   its('home_region') { should eq 'us-east-1' }
 end
 ```
 
 **Test that the specified trail is a multi-region trail.**
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should be_multi_region_trail }
 end
 ```
 
-
-**Test that the specified trail is an organizational trail.**
+**Test that the specified trail is an organization trail.**
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
+  its("is_organization_trail") { should eq true }
   it { should be_organization_trail }
 end
 ```
 
+**Test that the specified trail has a S3 Key Prefix.**
+
+```ruby
+describe aws_cloudtrail_trail('TRAIL_NAME') do
+  its("s3_key_prefix") { should eq 'S3_KEY_PREFIX_NAME' }
+end
+```
+
 ## Matchers
 
 {{% inspec_matchers_link %}}
 
 ### exist
 
-The control will pass if the describe returns at least one result.
-
-Use `should_not` to test the entity should not exist.
+Use `should` with the `exist` matcher to verify that the CloudTrail trail exists.
 
-    # Verify that at least one CloudTrail Trail exists.
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should exist }
 end
 ```
 
-#### be_multi_region_trail
+Use `should_not` to verify that a CloudTrail trail does not exists.
+
+```ruby
+describe aws_cloudtrail_trail('TRAIL_NAME') do
+  it { should_not exist }
+end
+```
+
+### be_multi_region_trail
 
 The test will pass if the identified trail is a multi-region trail.
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should be_multi_region_trail }
 end
 ```
 
-#### be_encrypted
+### be_encrypted
 
 The test will pass if the logs delivered by the identified trail are encrypted.
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should be_encrypted }
 end
 ```
 
-#### be_log_file_validation_enabled
+### be_log_file_validation_enabled
 
-The test will pass if the identified trail has log file integrity validation is enabled.
+The test will pass if the identified trail has log file integrity validation enabled.
 
 ```ruby
-describe aws_cloudtrail_trail('my-cloudtrail') do
+describe aws_cloudtrail_trail('TRAIL_NAME') do
   it { should be_log_file_validation_enabled }
 end
 ```
 
+### be_organization_trail
+
+The test will pass if the identified trail has organization trail is enabled.
+
+```ruby
+describe aws_cloudtrail_trail('TRAIL_NAME') do
+  it { should be_organization_trail }
+end
+```
+
 ## AWS Permissions
 
 {{% aws_permissions_principal action="CloudTrail:Client:DescribeTrailsResponse" %}}

@@ -49,4 +49,10 @@
     its('cloud_watch_logs_log_group_arn') { should be_nil}
     its('kms_key_id') { should be_nil }
   end
+
+  describe aws_cloudtrail_trail(aws_cloud_trail_name) do
+    its('s3_key_prefix') { should_not eq nil }
+    its('is_organization_trail') { should eq false }
+    it { should be_organization_trail }
+  end
 end