chore(docs): clarify use of isOrganizationTrail (aws#21824)

If `isOrganizationTrail` is set to `true`, but the current AWS account is _not_ the management account then CloudFormation will throw an error. `You cannot configure or manage trails for an organization because this action requires being signed in with the management account.` Also remove the integration test that was added for this feature since in order to test this you would need access to an AWS organization management account _and_ access to create/delete an organization trail. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
FlorinAsavoaie · Aug 30, 2022 · 82ce4a1 · 82ce4a1
1 parent e2dc2cb
commit 82ce4a1
Show file tree

Hide file tree

Showing 9 changed files with 3 additions and 424 deletions.
diff --git a/packages/@aws-cdk/aws-cloudtrail/README.md b/packages/@aws-cdk/aws-cloudtrail/README.md
@@ -190,7 +190,7 @@ trail.addLambdaEventSelector([ amazingFunction ]);
 ## Organization Trail
 
 It is possible to create a trail that will be applied to all accounts in an organization if the current account manages an organization.
-To enable this, the property `isOrganizationTrail` must be set. If this property is set and the current account does not manage an organization, the created trail will be created only for the account.
+To enable this, the property `isOrganizationTrail` must be set. If this property is set and the current account does not manage an organization, the stack will fail to deploy.
 
 ```ts
 new cloudtrail.Trail(this, 'OrganizationTrail', {

diff --git a/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts b/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
@@ -119,6 +119,8 @@ export interface TrailProps {
   /**
    * Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
    *
+   * If this is set to true then the current account _must_ be the management account. If it is not, then CloudFormation will throw an error.
+   *
    * If this is set to true and the current account is a management account for an organization in AWS Organizations, the trail will be created in all AWS accounts that belong to the organization.
    * If this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.
    *

diff --git a/...-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/CloudtrailIntegTestStack.template.json b/...-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/CloudtrailIntegTestStack.template.json
diff --git a/...est/cloudtrail.integ.snapshot/TrailIntegTestDefaultTestDeployAssertA42C24D1.template.json b/...est/cloudtrail.integ.snapshot/TrailIntegTestDefaultTestDeployAssertA42C24D1.template.json
diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/cdk.out
diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/integ.json b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/integ.json
diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.integ.snapshot/manifest.json