---
Resources:
  AWSConfigRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName:
        Ref: ConfigRuleName
      Description: Checks whether AWS CloudTrail creates a signed digest file with
        logs. AWS recommends that the file validation must be enabled on all trails.
        The rule is noncompliant if the validation is not enabled.
      InputParameters: {}
      Scope: {}
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED
      MaximumExecutionFrequency:
        Ref: MaximumExecutionFrequency
Parameters:
  ConfigRuleName:
    Type: String
    Default: cloud-trail-log-file-validation-enabled
    Description: The name that you assign to the AWS Config rule.
    MinLength: '1'
    ConstraintDescription: This parameter is required.
  MaximumExecutionFrequency:
    Type: String
    Default: TwentyFour_Hours
    Description: The frequency that you want AWS Config to run evaluations for the
      rule.
    MinLength: '1'
    ConstraintDescription: This parameter is required.
    AllowedValues:
    - One_Hour
    - Three_Hours
    - Six_Hours
    - Twelve_Hours
    - TwentyFour_Hours
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Required
      Parameters: []
    - Label:
        default: Optional
      Parameters: []
Conditions: {}