fix: add reason for landing zone update, if enableOrganizationTrail c…

…hanged If logging is disabled or enabled, this is considered a reason to update the landing zone
awslabs · Jan 29, 2025 · 49383c5 · 49383c5
1 parent 806ad91
commit 49383c5
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/source/packages/@aws-lza/lib/control-tower/utils/resources.ts b/source/packages/@aws-lza/lib/control-tower/utils/resources.ts
@@ -217,6 +217,10 @@ export type ControlTowerLandingZoneDetailsType = {
    * AWS KMS CMK arn to encrypt AWS Control Tower Landing Zone resources
    */
   kmsKeyArn?: string;
+  /**
+   * Flag indicating Organization level CloudTrail is enable or not.
+   */
+  enableOrganizationTrail?: boolean;
 };
 
 /**
@@ -385,6 +389,11 @@ export function landingZoneUpdateOrResetRequired(
       `Changes made in EnableIdentityCenterAccess from ${landingZoneDetails.enableIdentityCenterAccess} to ${landingZoneConfiguration.enableIdentityCenterAccess}`,
     );
   }
+  if (landingZoneDetails.enableOrganizationTrail !== landingZoneConfiguration.enableOrganizationTrail) {
+    reasons.push(
+      `Changes made in EnableOrganizationTrail from ${landingZoneDetails.enableOrganizationTrail} to ${landingZoneConfiguration.enableOrganizationTrail}`,
+    );
+  }
 
   if (governedRegionsChanged(landingZoneDetails.governedRegions ?? [], landingZoneConfiguration.governedRegions)) {
     reasons.push(