Terraform-provider-aws: aws_cloudtrail resource: add support for exclude_management_event_sources to event_selector

Created on 1 Jan 2020  ·  3 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

They added an option to CloudTrail to exclude certain types of management events from your CloudTrail. This is currently just to filter out KMS events from your CloudTrail, since KMS can generate a lot of events if you have application(s) that use KMS for frequent encryption operations.

It doesn't look like the resource currently supports configuring this option.

New or Affected Resource(s)

  • resource: aws_cloudtrail

Potential Terraform Configuration

resource "aws_cloudtrail" "foo" {
  name = "foo"
  s3_bucket_name = "someCloudTrailBucket"

  event_selector {
    include_management_events        = true
    read_write_type                  = "All"
    exclude_management_event_sources = ["kms.amazonaws.com"]
  }
}

References

enhancement service/cloudtrail
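
Excluding `kms.amazonaws.com` also removes KMS key-usage events from the audit trail, so it helps to inventory which trails carry an exclusion. The following is an added example, not code from the issue or from the provider: it reads responses in the shape returned by `aws cloudtrail get-event-selectors` and reports the excluded sources per trail. The sample data, account ID, trail names and function names are constructed for illustration.

```python
# Constructed sample in the shape of `aws cloudtrail get-event-selectors` output
# for two hypothetical trails (account ID and trail names are placeholders).
SAMPLE_RESPONSES = [
    {
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/foo",
        "EventSelectors": [{
            "ReadWriteType": "All",
            "IncludeManagementEvents": True,
            "ExcludeManagementEventSources": ["kms.amazonaws.com"],
        }],
    },
    {
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/bar",
        "EventSelectors": [{
            "ReadWriteType": "All",
            "IncludeManagementEvents": True,
            "ExcludeManagementEventSources": [],
        }],
    },
]


def excluded_sources(response):
    """Return the sorted management event sources that a trail drops."""
    found = set()
    for selector in response.get("EventSelectors") or []:
        # An exclusion only matters when management events are logged at all.
        if not selector.get("IncludeManagementEvents", True):
            continue
        found.update(selector.get("ExcludeManagementEventSources") or [])
    return sorted(found)


def audit(responses):
    """Map trail ARN -> excluded sources, listing only trails that exclude any."""
    report = {}
    for response in responses:
        sources = excluded_sources(response)
        if sources:
            report[response["TrailARN"]] = sources
    return report


if __name__ == "__main__":
    for arn, sources in audit(SAMPLE_RESPONSES).items():
        print(f"{arn}: management events excluded for {', '.join(sources)}")
```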

All 3 comments

Bump 👍 this is needed and seems to be a critical miss that has negative cost impacts

This would be a great option to have. I raised this in #11710. Our current workaround is to use the ignore changes functionality on that CloudTrail, but obviously this isn't ideal as a permanent solution.

Has there been an update on this? I noticed https://github.com/terraform-providers/terraform-provider-aws/pull/11680 was closed with what looked to be a solution but there's no link to where the PR was moved to.
