From 636f66231ffb89023503618c51eb094c8b7268a3 Mon Sep 17 00:00:00 2001
From: Shiva Ramamurthi
Date: Mon, 27 Jan 2025 12:53:59 -0800
Subject: [PATCH] feat: Cloudtrail logging for s3 events
---
 modules/cloudtrail/main.tf | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/cloudtrail/main.tf b/modules/cloudtrail/main.tf
index 2f2226c75..7be65c46e 100644
--- a/modules/cloudtrail/main.tf
+++ b/modules/cloudtrail/main.tf
@@ -97,15 +97,18 @@ resource "aws_cloudtrail" "s3_event_logs" {
 enable_log_file_validation = var.enable_log_file_validation
 event_selector {
- read_write_type = "All"
+ read_write_type = "All" # Log both read and write events
 include_management_events = true
 data_resource {
- type = "AWS::S3::Object"
- values = ["arn:aws:s3:::*"]
+ type = "AWS::S3::Object"
+ values = [
 "arn:aws:s3:::${aws_s3_bucket.cloudtrail_logs[0].id}" # Specific bucket ARN
 ]
 }
 }
- tags = merge(var.tags, { Name = "CloudTrail" })
+ tags = merge(var.tags, { Name = "CloudTrail" })
+ depends_on = [aws_s3_bucket_policy.cloudtrail_logs]
 }
\ No newline at end of file
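Review bot: The new `values` entry scopes S3 data-event logging to the trail's own delivery bucket (`aws_s3_bucket.cloudtrail_logs[0].id`), which drops the previous `arn:aws:s3:::*` coverage of every other bucket and makes the trail record its own log deliveries as object-level events in the same bucket, so each delivery produces further entries there; if the intent is to monitor application buckets, take their ARNs from a variable and leave this log bucket out of the selector. An `AWS::S3::Object` data-resource value also needs a trailing slash to match all objects in a bucket, so the line should read `"${aws_s3_bucket.cloudtrail_logs[0].arn}/" # all objects in the log bucket` (or keep `id` and append `/`). The `[0]` index suggests the bucket is created conditionally, in which case a plan with the bucket disabled fails on this reference — worth guarding or documenting next to the selector. The `resource "aws_cloudtrail" "s3_event_logs"` block begins outside the hunk.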