{"id":19978381,"url":"https://github.com/geekcell/terraform-aws-cloudtrail-alerts","last_synced_at":"2025-10-10T02:10:29.346Z","repository":{"id":174651448,"uuid":"650637536","full_name":"geekcell/terraform-aws-cloudtrail-alerts","owner":"geekcell","description":"Terraform module to provision an AWS Cloudwatch Alerts for Cloudtrail.","archived":false,"fork":false,"pushed_at":"2023-11-21T08:23:27.000Z","size":29,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-01T22:56:46.515Z","etag":null,"topics":["alarm","alert","audit","aws","cis","cloudtrail","cloudwatch","logging","sns","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://www.geekcell.io","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geekcell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-07T13:40:47.000Z","updated_at":"2023-06-12T10:41:48.000Z","dependencies_parsed_at":"2024-11-13T03:33:30.494Z","dependency_job_id":"b1150d2d-431d-45fb-a4f7-b26c8b0ff1e4","html_url":"https://github.com/geekcell/terraform-aws-cloudtrail-alerts","commit_stats":null,"previous_names":["geekcell/terraform-aws-cloudtrail-alerts"],"tags_count":6,"template":false,"template_full_name":"geekcell/terraform-aws-module-template","purl":"pkg:github/geekcell/terraform-aws-cloudtrail-alerts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-cloudtrail-alerts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-cloudtrail-alerts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-cloudtrail-alerts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-cloudtrail-alerts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geekcell","download_url":"https://codeload.github.com/geekcell/terraform-aws-cloudtrail-alerts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-cloudtrail-alerts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002528,"owners_count":26083399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alarm","alert","audit","aws","cis","cloudtrail","cloudwatch","logging","sns","terraform","terraform-module"],"created_at":"2024-11-13T03:33:14.750Z","updated_at":"2025-10-10T02:10:29.316Z","avatar_url":"https://github.com/geekcell.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)\n\n\n### Code Quality\n[![License](https://img.shields.io/github/license/geekcell/terraform-aws-cloudtrail-alerts)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/blob/master/LICENSE)\n[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-cloudtrail-alerts?logo=github\u0026sort=semver)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/releases)\n[![Release](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml)\n[![Validate](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml)\n[![Lint](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml)\n\n\u003c!--\nReplace the GitHub Repo name and comment in these badges if they BridgeCrew is enabled for this repository.\n\n### Security\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/general)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=INFRASTRUCTURE+SECURITY)\n\n#### Cloud\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+AWS+V1.2)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_aws_13)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+AWS+V1.3)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+AZURE+V1.1)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_azure_13)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+AZURE+V1.3)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+GCP+V1.1)\n\n##### Container\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_kubernetes_16)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+KUBERNETES+V1.6)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_eks_11)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+EKS+V1.1)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_gke_11)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+GKE+V1.1)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=CIS+KUBERNETES+V1.5)\n\n#### Data protection\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=SOC2)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=PCI-DSS+V3.2)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=PCI-DSS+V3.2.1)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=ISO27001)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=NIST-800-53)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=HIPAA)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts\u0026benchmark=FEDRAMP+%28MODERATE%29)\n\n--\u003e\n\n# Terraform AWS CloudTrail Alerts Module\n\nA module that create CloudWatch metric filters and alarms required for most modern compliance reports. This\nmodule includes the necessary metric filters and alarms for the following compliance reports:\n\n| Compliance Report | Sections |\n|---|---|\n| CIS AWS Foundations Benchmark v1.5.0 | Section 4.1 - 4.15 |\n| NIST 800-171 v2 | Section 3.12.3 |\n| ISO/IEC 27001 v2 | Section A.12.4.1 |\n| PCI DSS v3.2.1 | Section 10.1 |\n| SOC 2 v2 | Section 5.2 |\n\nThis module can also create an SNS topic with a Slack channel configuration for AWS Chatbot (must be configured)\nmanually in the AWS Console.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_cloudtrail_log_group_name\"\u003e\u003c/a\u003e [cloudtrail\\_log\\_group\\_name](#input\\_cloudtrail\\_log\\_group\\_name) | The name of the CloudWatch log group to filter for events. Defaults to the AWS Control Tower created Baseline. | `string` | `\"aws-controltower/CloudTrailLogs\"` | no |\n| \u003ca name=\"input_cloudwatch_namespace\"\u003e\u003c/a\u003e [cloudwatch\\_namespace](#input\\_cloudwatch\\_namespace) | The namespace to use for the CloudWatch metric filter. | `string` | `\"CISBenchmark\"` | no |\n| \u003ca name=\"input_prefix\"\u003e\u003c/a\u003e [prefix](#input\\_prefix) | Prefix that will added to created resources. | `string` | n/a | yes |\n| \u003ca name=\"input_slack_channel_id\"\u003e\u003c/a\u003e [slack\\_channel\\_id](#input\\_slack\\_channel\\_id) | The ID of the Slack channel to send alerts to. | `string` | `null` | no |\n| \u003ca name=\"input_slack_workspace_id\"\u003e\u003c/a\u003e [slack\\_workspace\\_id](#input\\_slack\\_workspace\\_id) | The ID of the Slack workspace to send alerts to. | `string` | `null` | no |\n| \u003ca name=\"input_sns_kms_master_key_alias\"\u003e\u003c/a\u003e [sns\\_kms\\_master\\_key\\_alias](#input\\_sns\\_kms\\_master\\_key\\_alias) | The alias of the KMS key to use to encrypt the SNS topic if no key is provided. | `string` | `\"alias/sns/cloudtrail-alerts\"` | no |\n| \u003ca name=\"input_sns_kms_master_key_id\"\u003e\u003c/a\u003e [sns\\_kms\\_master\\_key\\_id](#input\\_sns\\_kms\\_master\\_key\\_id) | The ARN of the KMS key to use to encrypt the SNS topic. Will create a new CMK if not provided. | `string` | `null` | no |\n| \u003ca name=\"input_sns_topic_arn\"\u003e\u003c/a\u003e [sns\\_topic\\_arn](#input\\_sns\\_topic\\_arn) | Use an existing SNS topic to send alerts to. | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags to add to the created resources. | `map(any)` | `{}` | no |\n\n## Outputs\n\nNo outputs.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.40 |\n| \u003ca name=\"provider_awscc\"\u003e\u003c/a\u003e [awscc](#provider\\_awscc) | 0.53.0 |\n\n## Resources\n\n- resource.aws_cloudwatch_log_metric_filter.main (main.tf#24)\n- resource.aws_cloudwatch_metric_alarm.main (main.tf#38)\n- resource.aws_kms_alias.main (main.tf#71)\n- resource.aws_kms_key.main (main.tf#59)\n- resource.aws_sns_topic.main (main.tf#110)\n- resource.awscc_chatbot_slack_channel_configuration.main (main.tf#120)\n- data source.aws_caller_identity.current (main.tf#18)\n- data source.aws_cloudwatch_log_group.cloudtrail (main.tf#20)\n- data source.aws_iam_policy_document.kms (main.tf#78)\n\n# Examples\n### Complete\n```hcl\nmodule \"example\" {\n  source = \"../../\"\n\n  prefix = \"root\"\n}\n```\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekcell%2Fterraform-aws-cloudtrail-alerts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeekcell%2Fterraform-aws-cloudtrail-alerts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekcell%2Fterraform-aws-cloudtrail-alerts/lists"}