{"id":19508921,"url":"https://github.com/rhythmictech/terraform-aws-cloudtrail-logging","last_synced_at":"2025-07-30T08:05:14.333Z","repository":{"id":98716769,"uuid":"189878047","full_name":"rhythmictech/terraform-aws-cloudtrail-logging","owner":"rhythmictech","description":"Configure CloudTrail logging to CloudWatch Logs and S3","archived":false,"fork":false,"pushed_at":"2022-03-08T14:12:02.000Z","size":31,"stargazers_count":8,"open_issues_count":0,"forks_count":6,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-26T03:44:02.674Z","etag":null,"topics":["aws","cloudtrail","logging","terraform","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/rhythmictech/logging/cloudtrail","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhythmictech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-06-02T17:54:57.000Z","updated_at":"2024-10-23T08:44:03.000Z","dependencies_parsed_at":"2023-05-24T22:13:21.052Z","dependency_job_id":null,"html_url":"https://github.com/rhythmictech/terraform-aws-cloudtrail-logging","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/rhythmictech/terraform-aws-cloudtrail-logging","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-cloudtrail-logging","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-cloudtrail-logging/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-cloudtrail-logging/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-cloudtrail-logging/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhythmictech","download_url":"https://codeload.github.com/rhythmictech/terraform-aws-cloudtrail-logging/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-cloudtrail-logging/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267834754,"owners_count":24151638,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudtrail","logging","terraform","terraform-module","terraform-modules"],"created_at":"2024-11-10T23:10:22.604Z","updated_at":"2025-07-30T08:05:14.309Z","avatar_url":"https://github.com/rhythmictech.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-cloudtrail-logging\n\n[![tflint](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/workflows/tflint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)\n[![tfsec](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/workflows/tfsec/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)\n[![yamllint](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/workflows/yamllint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)\n[![misspell](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/workflows/misspell/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)\n[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/workflows/pre-commit-check/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-cloudtrail-logging/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)\n\u003ca href=\"https://twitter.com/intent/follow?screen_name=RhythmicTech\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/RhythmicTech?style=social\u0026logo=twitter\" alt=\"follow on Twitter\"\u003e\u003c/a\u003e\n\n\nConfigure CloudTrail logging to CloudWatch Logs and S3. When used with [CloudTrail Bucket module](https://github.com/rhythmictech/terraform-aws-cloudtrail-bucket), this properly configures CloudTrail logging with a KMS CMK as required by CIS.\n\nLogs can easily be centralized to a central security logging account by creating a bucket in a single account and referencing the bucket and KMS key.\n\n## Usage\n```\n\nmodule \"cloudtrail-logging\" {\n  source            = \"git::https://github.com/rhythmictech/terraform-cloudtrail-logging\"\n  region            = var.region\n  cloudtrail_bucket = module.cloudtrail-bucket.bucket_name\n  kms_key_id        = module.cloudtrail-bucket.kms_key_id\n}\n\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| terraform | \u003e= 0.12.20 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| aws | n/a |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| cloudtrail\\_bucket | Name of bucket for CloudTrail logs | `string` | n/a | yes |\n| kms\\_key\\_id | KMS key ARN to use for encrypting CloudTrail logs | `string` | n/a | yes |\n| region | Region that CloudWatch logging and the S3 bucket will live in | `string` | n/a | yes |\n| cloudtrail\\_name | Name for the CloudTrail | `string` | `\"cloudtrail-all\"` | no |\n| iam\\_path | Path under which to put the IAM role. Should begin and end with a '/'. | `string` | `\"/\"` | no |\n| lambda\\_functions | Lambda functions to log. Specify `[\"arn:aws:lambda\"]` for all, or `[ ]` for none. | `list` | `[]` | no |\n| log\\_group\\_name | Name for CloudTrail log group | `string` | `\"cloudtrail2cwl\"` | no |\n| retention\\_in\\_days | How long should CloudTrail logs be retained in CloudWatch (does not affect S3 storage). Set to -1 for indefinite storage. | `number` | `7` | no |\n| s3\\_object\\_level\\_buckets | ARNs of buckets for which to enable object level logging. Specify `[\"arn:aws:s3:::\"]` for all, or `[ ]` for none. If listing ARNs, make sure to end each one with a `/`. | `list` | `[]` | no |\n| tags | Mapping of any extra tags you want added to resources | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| cloudwatch\\_loggroup\\_arn | The arn of the CloudWatch log group |\n| cloudwatch\\_loggroup\\_name | The name of the CloudWatch log group |\n\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Related Projects\n* [CloudTrail Bucket module](https://github.com/rhythmictech/terraform-aws-cloudtrail-bucket)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-cloudtrail-logging","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhythmictech%2Fterraform-aws-cloudtrail-logging","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-cloudtrail-logging/lists"}