---
inputType: "CA10__CaAwsCloudTrailTrail__c"
testData:
  - file: "test-data.json"
conditions:
  - status: "INCOMPLIANT"
    currentStateMessage: "CloudTrail integration with CloudWatch Logs is not configured."
    remediationMessage: "Configure the trail to deliver events to a CloudWatch Logs log group by using an IAM role for CloudWatch Logs delivery."
    check:
      OR:
        args:
          - IS_EMPTY:
              arg:
                FIELD:
                  path: "CA10__cloudWatchLogsLogGroupArn__c"
          - IS_EMPTY:
              arg:
                FIELD:
                  path: "CA10__cloudWatchLogsRoleArn__c"
  - status: "INCOMPLIANT"
    currentStateMessage: "The configured CloudWatch Logs log group is missing."
    remediationMessage: "Verify that the trail references an active CloudWatch Logs log group."
    check:
      IS_EMPTY_LOOKUP: "CA10__cloudWatchLogsLogGroup__r"
  - status: "INCOMPLIANT"
    currentStateMessage: "The configured IAM role for CloudWatch Logs delivery is missing."
    remediationMessage: "Verify that the trail references an active IAM role for CloudWatch Logs delivery."
    check:
      IS_EMPTY_LOOKUP: "CA10__cloudWatchLogsRole__r"
  - status: "COMPLIANT"
    currentStateMessage: "CloudTrail is integrated with CloudWatch Logs."
    check:
      AND:
        args:
          - NOT_EMPTY_LOOKUP: "CA10__cloudWatchLogsLogGroup__r"
          - NOT_EMPTY_LOOKUP: "CA10__cloudWatchLogsRole__r"
otherwise:
  status: "UNDETERMINED"
  currentStateMessage: "Unexpected values in the fields."