* 2.6.1 -- 2024-09-11

  - cloudtrail
    - add variable enable_logging to disable the objectlogging trail

CHANGELOG.md

@@ -365,4 +365,8 @@
 
 * 2.6.0 -- 2024-07-09
   - cloudtrail
-    - add variable enable_organization_s3_objectlogging, when usewd with enable_organization, to do data events
+    - add variable enable_organization_s3_objectlogging, when used with enable_organization, to do data events
+
+* 2.6.1 -- 2024-09-11
+  - cloudtrail
+    - add variable enable_logging to disable the objectlogging trail

cloudtrail/README.md

@@ -445,6 +445,7 @@ No modules.
 | <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
 | <a name="input_create_cloudtrail"></a> [create\_cloudtrail](#input\_create\_cloudtrail) | Flag to enable or disable creation of cloudtrail | `bool` | `true` | no |
 | <a name="input_enable_cloudwatch_logs"></a> [enable\_cloudwatch\_logs](#input\_enable\_cloudwatch\_logs) | Enable CloudWatch Logs for this CloudTrail | `bool` | `true` | no |
+| <a name="input_enable_logging"></a> [enable\_logging](#input\_enable\_logging) | Enable CloudTrail logging. This is to be able to turn off a CloudTrail (like the objectlogging, which we are removing) | `bool` | `true` | no |
 | <a name="input_enable_organization"></a> [enable\_organization](#input\_enable\_organization) | Enable CloudTrail as an organization trail. This will only work in the organization master or delegated account | `bool` | `false` | no |
 | <a name="input_enable_organization_s3_objectlogging"></a> [enable\_organization\_s3\_objectlogging](#input\_enable\_organization\_s3\_objectlogging) | Enable CloudTrail organization trail S3 data events | `bool` | `false` | no |
 | <a name="input_enable_s3_sns"></a> [enable\_s3\_sns](#input\_enable\_s3\_sns) | Flag to enable or disable the creation of SNS for the Cloudtrail S3 bucket | `bool` | `false` | no |

cloudtrail/cloudtrail.tf

@@ -6,7 +6,7 @@ resource "aws_cloudtrail" "this" {
   include_global_service_events = true
   is_multi_region_trail         = var.enable_organization ? true : false
   enable_log_file_validation    = true
-  enable_logging                = true
+  enable_logging                = var.enable_logging
   kms_key_id                    = var.kms_key_arn
   sns_topic_name                = var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null
   cloud_watch_logs_group_arn    = var.enable_cloudwatch_logs ? format("%v:*", aws_cloudwatch_log_group.this[0].arn) : null

cloudtrail/variables.tf

@@ -125,3 +125,10 @@ variable "create_cloudtrail" {
   type        = bool
   default     = true
 }
+
+variable "enable_logging" {
+  description = "Enable CloudTrail logging. This is to be able to turn off a CloudTrail (like the objectlogging, which we are removing)"
+  type        = bool
+  default     = true
+}
+

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.6.0"
+  _module_version = "2.6.1"
 }