Giter Site home page Giter Site logo

rhythmictech / terraform-aws-cloudtrail-logging Goto Github PK

View Code? Open in Web Editor NEW
7.0 2.0 6.0 31 KB

Configure CloudTrail logging to CloudWatch Logs and S3

Home Page: https://registry.terraform.io/modules/rhythmictech/logging/cloudtrail

License: MIT License

HCL 77.91% Shell 22.09%
terraform terraform-modules terraform-module aws logging cloudtrail

terraform-aws-cloudtrail-logging's Introduction

terraform-aws-cloudtrail-logging

tflint tfsec yamllint misspell pre-commit-check follow on Twitter

Configure CloudTrail logging to CloudWatch Logs and S3. When used with CloudTrail Bucket module, this properly configures CloudTrail logging with a KMS CMK as required by CIS.

Logs can easily be centralized to a central security logging account by creating a bucket in a single account and referencing the bucket and KMS key.

Usage


module "cloudtrail-logging" {
  source            = "git::https://github.com/rhythmictech/terraform-cloudtrail-logging"
  region            = var.region
  cloudtrail_bucket = module.cloudtrail-bucket.bucket_name
  kms_key_id        = module.cloudtrail-bucket.kms_key_id
}

Requirements

Name Version
terraform >= 0.12.20

Providers

Name Version
aws n/a

Inputs

Name Description Type Default Required
cloudtrail_bucket Name of bucket for CloudTrail logs string n/a yes
kms_key_id KMS key ARN to use for encrypting CloudTrail logs string n/a yes
region Region that CloudWatch logging and the S3 bucket will live in string n/a yes
cloudtrail_name Name for the CloudTrail string "cloudtrail-all" no
iam_path Path under which to put the IAM role. Should begin and end with a '/'. string "/" no
lambda_functions Lambda functions to log. Specify ["arn:aws:lambda"] for all, or [ ] for none. list [] no
log_group_name Name for CloudTrail log group string "cloudtrail2cwl" no
retention_in_days How long should CloudTrail logs be retained in CloudWatch (does not affect S3 storage). Set to -1 for indefinite storage. number 7 no
s3_object_level_buckets ARNs of buckets for which to enable object level logging. Specify ["arn:aws:s3:::"] for all, or [ ] for none. If listing ARNs, make sure to end each one with a /. list [] no
tags Mapping of any extra tags you want added to resources map(string) {} no

Outputs

Name Description
cloudwatch_loggroup_arn The arn of the CloudWatch log group
cloudwatch_loggroup_name The name of the CloudWatch log group

Related Projects

terraform-aws-cloudtrail-logging's People

Contributors

cdaniluk avatar fdamstra avatar pre-commit-ci[bot] avatar sblack4 avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

rajivchirania fdamstra storagematt yaminiu dmytroleonenko ryanoatz99

terraform-aws-cloudtrail-logging's Issues

[BUG] doesn't support aws provider v3

Describe the bug
The AWS provider v3 doesn't add *, see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-3-upgrade#resource-aws_cloudwatch_log_group

To Reproduce

>  tf version                                                                                                                                                                                                             
Terraform v0.12.24
+ provider.aws v3.0.0
+ provider.errorcheck v2.0.3

# maint.tf
module "cloudtrail_logging" {
  source            = "rhythmictech/cloudtrail-logging/aws"
  version           = "1.1.0"
  region            = var.region
  cloudtrail_bucket = module.cloudtrail_bucket.s3_bucket_name
  kms_key_id        = module.cloudtrail_bucket.kms_key_id
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.