
Commit 55f7b55

Merge pull request Azure#13281 from Azure/derricklee/fix-aws-connector-script
Fix AWS Connector script for CloudTrail
2 parents 9b4e5e2 + 2b4d969 commit 55f7b55


1 file changed

+7
-5
lines changed


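--- a/DataConnectors/AWS-S3/ConfigCloudTrailDataConnector.ps1
+++ b/DataConnectors/AWS-S3/ConfigCloudTrailDataConnector.ps1
@@ -246,7 +246,9 @@ $sqsArn = ((aws sqs get-queue-attributes --queue-url $sqsUrl --attribute-names Q
 Write-Log -Message $sqsArn -LogFileName $LogFileName -Severity Verbose
 
 $kmsConfirmation = Read-ValidatedHost -Prompt 'Do you want to enable KMS for CloudTrail? [y/n]' -ValidationType Confirm
-if ($kmsConfirmation -eq 'y') {
+$kmsEnabled = $kmsConfirmation -eq 'y'
+
+if ($kmsEnabled) {
 New-KMS
 $kmsArn = ($kmsKeyDescription | ConvertFrom-Json).KeyMetadata.Arn
 $kmsKeyId = ($kmsKeyDescription | ConvertFrom-Json).KeyMetadata.KeyId
@@ -291,7 +293,7 @@ Set-RetryAction({
 
 $isCloudTrailNotExist = $lastexitcode -ne 0
 if ($isCloudTrailNotExist) {
-if ($kmsConfirmation -eq 'y') {
+if ($kmsEnabled) {
 Write-Log -Message "Executing: aws cloudtrail create-trail --name $cloudTrailName --s3-bucket-name $bucketName --kms-key-id $kmsKeyId --tags-list $(ConvertTo-Json -InputObject @($(Get-SentinelTagInJsonFormat) | ConvertFrom-Json) -Depth 99 -Compress) 2>&1" -LogFileName $LogFileName -Severity Verbose
 $tempForOutput = aws cloudtrail create-trail --name $cloudTrailName --s3-bucket-name $bucketName --kms-key-id $kmsKeyId --tags-list $(ConvertTo-Json -InputObject @($(Get-SentinelTagInJsonFormat) | ConvertFrom-Json) -Depth 99 -Compress) 2>&1
 Write-Log -Message $tempForOutput -LogFileName $LogFileName -Severity Verbose
@@ -309,9 +311,9 @@ Set-RetryAction({
 $cloudTrailBucketConfirmation = Read-ValidatedHost "Trail '${cloudTrailName}' is already configured. Do you want to override the bucket destination? [y/n]"
 
 if ($cloudTrailBucketConfirmation -eq 'y') {
-if ($kmsConfirmation -eq 'y') {
-Write-Log -Message "Executing: aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName -kms-key-id $kmsKeyId | Out-Null" -LogFileName $LogFileName -Severity Verbose
-aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName -kms-key-id $kmsKeyId | Out-Null
+if ($kmsEnabled) {
+Write-Log -Message "Executing: aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName --kms-key-id $kmsKeyId | Out-Null" -LogFileName $LogFileName -Severity Verbose
+aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName --kms-key-id $kmsKeyId | Out-Null
 }
 else {
 Write-Log -Message "Executing: aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName | Out-Null" -LogFileName $LogFileName -Severity Verbose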
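Review bot: The corrected `update-trail` call in the third hunk (new lines 315–316) still pipes its result to `Out-Null`, and nothing visible in the hunk inspects `$LASTEXITCODE`, so a rejected call would leave the existing trail without the requested KMS key while the script carries on as if encryption had been applied. That is presumably how the old `-kms-key-id` typo went unnoticed. The create-trail branch in the second hunk already captures and logs the CLI output; the same pattern fits here: `$tempForOutput = aws cloudtrail update-trail --name $cloudTrailName --s3-bucket-name $bucketName --kms-key-id $kmsKeyId 2>&1`, then `Write-Log -Message $tempForOutput -LogFileName $LogFileName -Severity Verbose`, plus a check of `$LASTEXITCODE` before continuing. The enclosing `Set-RetryAction` block starts and ends outside the hunk, so an exit-code check may exist further down; if it does, a short comment at this call saying so would help.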
