Disable management events for Lambda & S3 Cloudtrail event selectors

Prevents duplicate management event selectors being created in the
organisation Cloud Trail.

Signed-off-by: Richard Baker <[email protected]>

source/packages/@aws-accelerator/accelerator/lib/stacks/organizations-stack.ts

@@ -821,15 +821,23 @@ export class OrganizationsStack extends AcceleratorStack {
     });
 
     if (this.stackProperties.globalConfig.logging.cloudtrail.organizationTrailSettings?.s3DataEvents ?? true) {
-      organizationsTrail.addEventSelector(cdk.aws_cloudtrail.DataResourceType.S3_OBJECT, [
-        `arn:${cdk.Stack.of(this).partition}:s3:::`,
-      ]);
+      organizationsTrail.addEventSelector(
+        cdk.aws_cloudtrail.DataResourceType.S3_OBJECT,
+        [`arn:${cdk.Stack.of(this).partition}:s3:::`],
+        {
+          includeManagementEvents: false,
+        },
+      );
     }
 
     if (this.stackProperties.globalConfig.logging.cloudtrail.organizationTrailSettings?.lambdaDataEvents ?? true) {
-      organizationsTrail.addEventSelector(cdk.aws_cloudtrail.DataResourceType.LAMBDA_FUNCTION, [
-        `arn:${cdk.Stack.of(this).partition}:lambda`,
-      ]);
+      organizationsTrail.addEventSelector(
+        cdk.aws_cloudtrail.DataResourceType.LAMBDA_FUNCTION,
+        [`arn:${cdk.Stack.of(this).partition}:lambda`],
+        {
+          includeManagementEvents: false,
+        },
+      );
     }
 
     organizationsTrail.node.addDependency(enableCloudtrailServiceAccess);