
terraform-aws-cloudtrail-alarms

This module creates a number of CloudWatch alarms that alert on CloudTrail events; they are meant to provide compliance with the AWS CIS benchmark.

This module reads CloudTrail logs that have already been written to a CloudWatch Logs group. For organizations with an organization CloudTrail, this means you only need to deploy it in the master account, since that account's log group receives events from every member account.

The following alarms are available in this module; each can be toggled on or off, and all alarms are active by default.

  • AWS Config changes
  • Cloudtrail config changes
  • Console signin failures
  • Disabling or deleting CMK
  • IAM changes
  • Network ACL changes
  • Network gateway changes
  • No MFA console logins
  • Root account usage
  • Route table changes
  • S3 bucket policy changes
  • Security group changes
  • Unauthorized API calls
  • VPC changes

These alarms were adapted from those in https://github.com/nozaq/terraform-aws-secure-baseline.

Usage

module "cloudtrail_alarms" {
  source         = "trussworks/cloudtrail-alarms/aws"
  version        = "~> 1.0.0"

  alarm_sns_topic_arn = aws_sns_topic.my_alerts.arn
}
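The Usage block above assumes the CloudTrail log group and SNS topic already exist. The following is an added example, not part of this README, that wires the whole chain: the CloudWatch Logs group the module reads from, the IAM role CloudTrail needs to write into it, the trail, the SNS topic the alarms publish to, and the module itself. The log group name, role name, trail name, topic name, retention and the S3 bucket are assumptions.

```hcl
# Added example, not from the module's README; names, bucket and retention are assumptions.
resource "aws_cloudwatch_log_group" "cloudtrail" {
  name              = "cloudtrail-events" # matches the module's default input
  retention_in_days = 365
}

# CloudTrail assumes this role to write events into the log group
data "aws_iam_policy_document" "cloudtrail_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }
}
data "aws_iam_policy_document" "cloudtrail_logs" {
  statement {
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.cloudtrail.arn}:*"]
  }
}
resource "aws_iam_role" "cloudtrail_to_cw" {
  name               = "cloudtrail-to-cloudwatch"
  assume_role_policy = data.aws_iam_policy_document.cloudtrail_assume.json
}
resource "aws_iam_role_policy" "cloudtrail_to_cw" {
  role   = aws_iam_role.cloudtrail_to_cw.id
  policy = data.aws_iam_policy_document.cloudtrail_logs.json
}

resource "aws_cloudtrail" "main" {
  name                       = "main-trail"
  s3_bucket_name             = "my-cloudtrail-bucket" # assumed to exist with a CloudTrail bucket policy
  is_multi_region_trail      = true
  enable_log_file_validation = true
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.cloudtrail.arn}:*" # CloudTrail needs the stream wildcard
  cloud_watch_logs_role_arn  = aws_iam_role.cloudtrail_to_cw.arn
}
resource "aws_sns_topic" "cis_alerts" {
  name = "cis-benchmark-alerts"
}

module "cloudtrail_alarms" {
  source                    = "trussworks/cloudtrail-alarms/aws"
  version                   = "~> 1.0.0"
  alarm_sns_topic_arn       = aws_sns_topic.cis_alerts.arn
  cloudtrail_log_group_name = aws_cloudwatch_log_group.cloudtrail.name
}
```

Subscribe an endpoint (e-mail, chat webhook, or a ticketing integration) to the topic, otherwise the alarms fire into the void; note that the module's alarms only see events from the time the trail starts delivering to the log group.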

Requirements

Name       Version
terraform  >= 1.0
aws        >= 3.0

Providers

Name  Version
aws   >= 3.0

Modules

No modules.

Resources

Name                                                                    Type
aws_cloudwatch_log_metric_filter.aws_config_changes                     resource
aws_cloudwatch_log_metric_filter.cloudtrail_cfg_changes                 resource
aws_cloudwatch_log_metric_filter.console_signin_failures                resource
aws_cloudwatch_log_metric_filter.disable_or_delete_cmk                  resource
aws_cloudwatch_log_metric_filter.iam_changes                            resource
aws_cloudwatch_log_metric_filter.nacl_changes                           resource
aws_cloudwatch_log_metric_filter.network_gw_changes                     resource
aws_cloudwatch_log_metric_filter.no_mfa_console_signin_assumed_role     resource
aws_cloudwatch_log_metric_filter.no_mfa_console_signin_no_assumed_role  resource
aws_cloudwatch_log_metric_filter.root_usage                             resource
aws_cloudwatch_log_metric_filter.route_table_changes                    resource
aws_cloudwatch_log_metric_filter.s3_bucket_policy_changes               resource
aws_cloudwatch_log_metric_filter.security_group_changes                 resource
aws_cloudwatch_log_metric_filter.unauthorized_api_calls                 resource
aws_cloudwatch_log_metric_filter.vpc_changes                            resource
aws_cloudwatch_metric_alarm.aws_config_changes                          resource
aws_cloudwatch_metric_alarm.cloudtrail_cfg_changes                      resource
aws_cloudwatch_metric_alarm.console_signin_failures                     resource
aws_cloudwatch_metric_alarm.disable_or_delete_cmk                       resource
aws_cloudwatch_metric_alarm.iam_changes                                 resource
aws_cloudwatch_metric_alarm.nacl_changes                                resource
aws_cloudwatch_metric_alarm.network_gw_changes                          resource
aws_cloudwatch_metric_alarm.no_mfa_console_signin                       resource
aws_cloudwatch_metric_alarm.root_usage                                  resource
aws_cloudwatch_metric_alarm.route_table_changes                         resource
aws_cloudwatch_metric_alarm.s3_bucket_policy_changes                    resource
aws_cloudwatch_metric_alarm.security_group_changes                      resource
aws_cloudwatch_metric_alarm.unauthorized_api_calls                      resource
aws_cloudwatch_metric_alarm.vpc_changes                                 resource

Inputs

Name                               Description                                                                      Type         Default              Required
alarm_namespace                    Namespace for generated Cloudwatch alarms                                        string       "CISBenchmark"       no
alarm_prefix                       Prefix for the alarm name                                                        string       ""                   no
alarm_sns_topic_arn                SNS topic ARN for generated alarms                                               string       n/a                  yes
aws_config_changes                 Toggle AWS Config changes alarm                                                  bool         true                 no
cloudtrail_cfg_changes             Toggle Cloudtrail config changes alarm                                           bool         true                 no
cloudtrail_log_group_name          Cloudwatch log group name for Cloudtrail logs                                    string       "cloudtrail-events"  no
console_signin_failures            Toggle console signin failures alarm                                             bool         true                 no
disable_assumed_role_login_alerts  Toggle to disable assumed role console login alerts (violates the CIS Benchmark)  bool         false                no
disable_or_delete_cmk              Toggle disable or delete CMK alarm                                               bool         true                 no
iam_changes                        Toggle IAM changes alarm                                                         bool         true                 no
nacl_changes                       Toggle network ACL changes alarm                                                 bool         true                 no
network_gw_changes                 Toggle network gateway changes alarm                                             bool         true                 no
no_mfa_console_login               Toggle no MFA console login alarm                                                bool         true                 no
root_usage                         Toggle root usage alarm                                                          bool         true                 no
route_table_changes                Toggle route table changes alarm                                                 bool         true                 no
s3_bucket_policy_changes           Toggle S3 bucket policy changes alarm                                            bool         true                 no
security_group_changes             Toggle security group changes alarm                                              bool         true                 no
tags                               Tags for resources created                                                       map(string)  {}                   no
unauthorized_api_calls             Toggle unauthorized API calls alarm                                              bool         true                 no
vpc_changes                        Toggle VPC changes alarm                                                         bool         true                 no

Outputs

No outputs.
