S3 Object level logging with existing cloud trail

[Oliver Schrenk]

Hi,

I’m trying to add object-level cloud trail logging to existing s3 buckets (controlled by terraform) by connecting them to an existing cloud trail (outside terraforms and my control).

I’m also happy to enable to log s3 events from all buckets but 

```

# from https://www.terraform.io/docs/providers/aws/r/cloudtrail.html

resource "aws_cloudtrail" "example" {

  # ... other configuration ...

  event_selector {

    read_write_type           = "All"

    include_management_events = true

    data_resource {

      type   = "AWS::S3::Object"

      values = ["arn:aws:s3:::"]

    }

  }

}

```

As I understand would create a new Cloudtrail entry. 

How can I enable S3 Object level logging with an existing cloud trail?

Cheers,

Oliver

[Saverio Proto]

Do you mean the existing cloud trail entry was not created by terraform ?
if it is like this, you would have to import it in Terraform first.

Saverio

Il giorno mer 29 mag 2019 alle ore 14:34 Oliver Schrenk
<oliver....@gmail.com> ha scritto:

> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/terraform/issues
> IRC: #terraform-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Terraform" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/eedc653f-c0b7-41ec-af84-b83816a120db%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.