From e0d86c134aabe0c6b49ba966c3891cc7ec6e9117 Mon Sep 17 00:00:00 2001
From: soffensive <9149004+soffensive@users.noreply.github.com>
Date: Wed, 17 Apr 2019 13:38:12 +0200
Subject: [PATCH] Iterate over all regions

Iterate over all regions
---
 checks/check22 | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/checks/check22 b/checks/check22
index ffc28b67..18b13742 100644
--- a/checks/check22
+++ b/checks/check22
@@ -16,17 +16,18 @@ CHECK_ALTERNATE_check202="check22"

 check22(){
 # "Ensure CloudTrail log file validation is enabled (Scored)"
- LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].Name' --output text)
- if [[ $LIST_OF_TRAILS ]];then
- for trail in $LIST_OF_TRAILS;do
- LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
- if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
- textFail "$trail trail in $REGION has not log file validation enabled"
- else
- textPass "$trail trail in $REGION has log file validation enabled"
- fi
- done
- else
- textFail "No CloudTrail trails found!"
- fi
+
+ for regx in $REGIONS; do
+ LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].Name' --output text --no-include-shadow-trails)
+ if [[ $LIST_OF_TRAILS ]];then
+ for trail in $LIST_OF_TRAILS;do
+ LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
+ if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
+ textFail "$trail trail in $regx has not log file validation enabled"
+ else
+ textPass "$trail trail in $regx has log file validation enabled"
+ fi
+ done
+ fi
+ done
 }
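Review bot: With the `else` branch removed, an account that has no trail in any region now produces no output from check22 at all, so the absence of CloudTrail is no longer reported as a failure. Consider counting trails across the loop (`trail_count=0` before `for regx in $REGIONS`, `trail_count=$((trail_count+1))` inside the inner loop) and emitting `textFail "No CloudTrail trails found!"` after the outer `done` when the count is still zero. Separately, the `== 'False'` comparison treats every other value as a pass, which would include empty output if `describe-trails` returns nothing for a trail (the hunk shows no error handling for that call); passing only on `'True'` and failing otherwise would be the safer default for a control that protects log integrity. The expansions `$regx` and `$trail` in the two `describe-trails` calls are also unquoted.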