Proposal: Add support Object-level logging in the existing trail for resource 'aws_s3_bucket'

[Ventals]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hi! I know only one approach for enabling Object-level logging on S3 bucket via terraform - create new aws_cloudtrail and setup data_source, but in some moment it's unusable(because we have only 5 trails per region and this limit we can't increase)

Maybe the best way for resolving it - add some flag for write Object-level logs to the existing trail?

New or Affected Resource(s)

• aws_s3_bucket

Potential Terraform Configuration

We can add object_level_logging object supports the following fields:
target_trail - takes arn existing trail
events - type of event, string value Read or Write

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  object_level_logging {
    target_trail = "arn:aws:cloudtrail:region:account-id:trail/trailname"
    events = "Read/Write"
  }
}

References

• Support object-level events on s3 buckets #3425 - The first issue about this, for solving problem offered to create a new trail, not existing

[monkov]

Good job! thx, it's may solve my problem.

[caebozzini]

Hello, was this issue solved? We need to point to an existing Cloudtrail on new S3 buckets, is there any good and elegant way to do it in pure Terraform? Thank you.

[akson012]

Same issue here.

[UdhavPawar]

Facing exact same issue. Terraform tries to create as many cloud trails as number of S3 buckets, thus overall operation fails as it passes the AWS account hard-limit of 5 cloud trails per account.

[AlexandreDemailly]

Same here !
Any clue ?

[doribd]

Any solution expected in the coming release of 14 ?

[v1sion]

Im facing a similar issue, I would like to create a new data_resource / append to the existing one when creating a bucket. As there is already a cloudtrail created by another template I would like to just add one more entry to the data_resource.
Did anyway found a solution for this?

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.