diff --git a/lwgenerate/aws/aws.go b/lwgenerate/aws/aws.go
index e188a7ed6..e8110803c 100644
--- a/lwgenerate/aws/aws.go
+++ b/lwgenerate/aws/aws.go
@@ -8,6 +8,7 @@ import (
 "slices"
 "strings"
+ "github.com/google/uuid"
 "github.com/hashicorp/hcl/v2/hclwrite"
 "github.com/pkg/errors"
@@ -294,6 +295,9 @@ type GenerateAwsTfConfigurationArgs struct {
 // Lacework Organization
 LaceworkOrganizationLevel bool
+ // Use random Cloudtrail name
+ UseCloudTrailRandomName bool
+
 // Default AWS Provider Tags
 ProviderDefaultTags map[string]interface{}
@@ -595,6 +599,13 @@ func WithControlTowerLogArchiveAccount(LogArchiveAccount *AwsSubAccount) AwsTerr
 }
 }
+// WithUseCloudTrailRandomName CloudTrail random name
+func WithUseCloudTrailRandomName(useCloudTrailRandomName bool) AwsTerraformModifier {
+ return func(c *GenerateAwsTfConfigurationArgs) {
+ c.UseCloudTrailRandomName = useCloudTrailRandomName
+ }
+}
+
 // WithControlTowerKmsKeyArn Set ControlTower custom KMS key ARN
 func WithControlTowerKmsKeyArn(kmsKeyArn string) AwsTerraformModifier {
 return func(c *GenerateAwsTfConfigurationArgs) {
@@ -1049,6 +1060,12 @@ func createCloudtrail(args *GenerateAwsTfConfigurationArgs) (*hclwrite.Block, er
 if args.ConsolidatedCloudtrail {
 attributes["consolidated_trail"] = true
 }
+
+ if args.UseCloudTrailRandomName {
+ uid := uuid.New().String()[:8]
+ attributes["cloudtrail_name"] = fmt.Sprintf("lacework-cloudtrail-%s", uid)
+ }
+
 // S3 Bucket attributes
 if args.CloudtrailUseExistingTrail {
 attributes["use_existing_cloudtrail"] = true
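Review bot: The new field comment `// Use random Cloudtrail name` in the second hunk does not tell the reader what the generated name looks like or that the suffix is drawn fresh each time createCloudtrail runs, which is what a user deciding between a fixed and a random name needs to know; suggest `// UseCloudTrailRandomName appends a random 8-character suffix to the generated trail name (lacework-cloudtrail-<suffix>); a new suffix is produced on every generation run.` The same weakness applies to `// WithUseCloudTrailRandomName CloudTrail random name` on the modifier in the third hunk, which should be a full sentence beginning with the function name, e.g. `// WithUseCloudTrailRandomName enables a random suffix on the generated CloudTrail name.` The GenerateAwsTfConfigurationArgs struct begins and ends outside the hunk.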
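Review bot: In the last hunk `uuid.New()` panics instead of returning an error when the random source is unavailable, yet createCloudtrail already returns an error, so the generator would crash rather than report the failure; `uuid.NewRandom()` returns the error and it can be wrapped with the `errors` package the file already imports. Since the random suffix makes the emitted Terraform differ on every run, it is presumably worth stating in the field's documentation that re-running the generator yields a different trail name. The eight hex characters taken from the UUID could also be produced with the standard library's crypto/rand and encoding/hex, which would avoid taking the `github.com/google/uuid` dependency added in the first hunk for this one call. The createCloudtrail function starts and continues outside the hunk.
```go
	if args.UseCloudTrailRandomName {
		uid, err := uuid.NewRandom()
		if err != nil {
			return nil, errors.Wrap(err, "generating random cloudtrail name")
		}
		attributes["cloudtrail_name"] = fmt.Sprintf("lacework-cloudtrail-%s", uid.String()[:8])
	}
	// … unchanged: S3 bucket attributes …
```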