CloudFormation Guard rules template for AWS CloudTrail resources
The following rules are included:
# Select every CloudTrail trail declared in the template. Each rule below is
# gated on this collection being non-empty, so a template with no trails
# skips all of them rather than failing.
let cloudtrail_trails = Resources.*[
  Type == "AWS::CloudTrail::Trail"
]
# Every trail must be multi-region: IsMultiRegionTrail has to be present and
# true. The check is split so "not configured" and "explicitly false" surface
# as distinct findings.
rule cloudtrail_multiregion when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      IsMultiRegionTrail exists <<IsMultiRegionTrail is not configured (i.e. disabled).>>
      when IsMultiRegionTrail exists {
        IsMultiRegionTrail == true <<Not a multi-region trail.>>
      }
    }
  }
}
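# Every trail must forward events to CloudWatch Logs. A log group ARN on its
# own does not deliver anything: CloudTrail also needs the IAM role it assumes
# to write to that group, so both properties are required for forwarding to
# actually work.
rule cloudtrail_cloudwatch_forwarding when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      CloudWatchLogsLogGroupArn exists <<Trail is not configured to forward logs to CloudWatch.>>
      # Without the role the delivery silently never happens even though the
      # log group is configured.
      CloudWatchLogsRoleArn exists <<Trail has a CloudWatch log group but no CloudWatchLogsRoleArn; log delivery will not work.>>
    }
  }
}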
# Every trail must have a KMS key configured for log file encryption. This
# only checks that KMSKeyId is set; the key's policy and rotation are outside
# what this template can assert.
rule cloudtrail_kms_encryption when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      KMSKeyId exists <<Encryption with KMS is not enabled for this trail.>>
    }
  }
}
# Every trail must have log file integrity validation enabled: the property
# has to be present and true. Presence and value are checked separately so the
# finding says which one is wrong.
rule cloudtrail_log_file_validation when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      EnableLogFileValidation exists <<EnableLogFileValidation is not configured (i.e. disabled).>>
      when EnableLogFileValidation exists {
        EnableLogFileValidation == true <<Log file validation is disabled.>>
      }
    }
  }
}
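# Every trail must have CloudTrail Insights configured. InsightSelectors is a
# list, so presence alone is not enough: an empty list declares the property
# without enabling any insight type, and is rejected as well.
rule cloudtrail_insights_enabled when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      InsightSelectors exists <<CloudTrail Trail Insights is disabled.>>
      when InsightSelectors exists {
        # Same finding text: from the operator's view an empty selector list is
        # Insights disabled.
        InsightSelectors !empty <<CloudTrail Trail Insights is disabled.>>
      }
    }
  }
}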
# Every trail must record global service events (IAM, STS, CloudFront, ...):
# IncludeGlobalServiceEvents has to be present and true. Presence and value
# are checked separately so the finding names the actual gap.
rule cloudtrail_global_services_enabled when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      IncludeGlobalServiceEvents exists <<IncludeGlobalServiceEvents is not configured (i.e. disabled).>>
      when IncludeGlobalServiceEvents exists {
        IncludeGlobalServiceEvents == true <<Global service events is disabled.>>
      }
    }
  }
}
# Every trail must be an organization trail: IsOrganizationTrail has to be
# present and true.
# NOTE(review): this asserts that *every* trail in the template is an
# organization trail. Templates deployed in member accounts, or that
# legitimately create account-scoped trails alongside the org trail, will
# fail here and may want to scope or omit this rule.
rule organizations_trail when %cloudtrail_trails !empty {
  %cloudtrail_trails {
    Properties {
      IsOrganizationTrail exists <<IsOrganizationTrail is not configured (i.e. disabled).>>
      when IsOrganizationTrail exists {
        IsOrganizationTrail == true <<Not a organization trail.>>
      }
    }
  }
}