https://github.com/geekcell/terraform-aws-cloudtrail-alerts

Terraform module to provision AWS CloudWatch alerts for CloudTrail.

[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)

### Code Quality
[![License](https://img.shields.io/github/license/geekcell/terraform-aws-cloudtrail-alerts)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/blob/master/LICENSE)
[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-cloudtrail-alerts?logo=github&sort=semver)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/releases)
[![Release](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml)
[![Validate](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml)
[![Lint](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml)

# Terraform AWS CloudTrail Alerts Module

A module that creates the CloudWatch metric filters and alarms required for most modern compliance reports. This
module includes the necessary metric filters and alarms for the following compliance reports:

| Compliance Report | Sections |
|---|---|
| CIS AWS Foundations Benchmark v1.5.0 | Section 4.1 - 4.15 |
| NIST 800-171 v2 | Section 3.12.3 |
| ISO/IEC 27001 v2 | Section A.12.4.1 |
| PCI DSS v3.2.1 | Section 10.1 |
| SOC 2 v2 | Section 5.2 |

This module can also create an SNS topic with a Slack channel configuration for AWS Chatbot (which must be configured
manually in the AWS Console).

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cloudtrail\_log\_group\_name](#input\_cloudtrail\_log\_group\_name) | The name of the CloudWatch log group to filter for events. Defaults to the AWS Control Tower created Baseline. | `string` | `"aws-controltower/CloudTrailLogs"` | no |
| [cloudwatch\_namespace](#input\_cloudwatch\_namespace) | The namespace to use for the CloudWatch metric filter. | `string` | `"CISBenchmark"` | no |
| [prefix](#input\_prefix) | Prefix that will be added to created resources. | `string` | n/a | yes |
| [slack\_channel\_id](#input\_slack\_channel\_id) | The ID of the Slack channel to send alerts to. | `string` | `null` | no |
| [slack\_workspace\_id](#input\_slack\_workspace\_id) | The ID of the Slack workspace to send alerts to. | `string` | `null` | no |
| [sns\_kms\_master\_key\_alias](#input\_sns\_kms\_master\_key\_alias) | The alias of the KMS key to use to encrypt the SNS topic if no key is provided. | `string` | `"alias/sns/cloudtrail-alerts"` | no |
| [sns\_kms\_master\_key\_id](#input\_sns\_kms\_master\_key\_id) | The ARN of the KMS key to use to encrypt the SNS topic. Will create a new CMK if not provided. | `string` | `null` | no |
| [sns\_topic\_arn](#input\_sns\_topic\_arn) | Use an existing SNS topic to send alerts to. | `string` | `null` | no |
| [tags](#input\_tags) | Tags to add to the created resources. | `map(any)` | `{}` | no |

## Outputs

No outputs.

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.40 |
| [awscc](#provider\_awscc) | 0.53.0 |

## Resources

- resource.aws_cloudwatch_log_metric_filter.main (main.tf#24)
- resource.aws_cloudwatch_metric_alarm.main (main.tf#38)
- resource.aws_kms_alias.main (main.tf#71)
- resource.aws_kms_key.main (main.tf#59)
- resource.aws_sns_topic.main (main.tf#110)
- resource.awscc_chatbot_slack_channel_configuration.main (main.tf#120)
- data source.aws_caller_identity.current (main.tf#18)
- data source.aws_cloudwatch_log_group.cloudtrail (main.tf#20)
- data source.aws_iam_policy_document.kms (main.tf#78)
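
What one metric filter and alarm pair of this kind looks like, using the root account usage control from the CIS benchmark as the case. This is an added illustration, not the module's own `main.tf`: the resource names, the `example-` prefix, the metric name and `var.sns_topic_arn` are assumptions, while the log group and namespace are the documented defaults from the Inputs table.

```hcl
# Added illustration, not code from the module.
variable "sns_topic_arn" {
  description = "Existing SNS topic that receives the alarm (assumed to exist)."
  type        = string
}

data "aws_cloudwatch_log_group" "cloudtrail" {
  name = "aws-controltower/CloudTrailLogs" # documented default of cloudtrail_log_group_name
}

# Turns matching CloudTrail records into a custom metric data point.
resource "aws_cloudwatch_log_metric_filter" "root_usage" {
  name           = "example-root-account-usage" # assumed name
  log_group_name = data.aws_cloudwatch_log_group.cloudtrail.name

  # Filter pattern the CIS AWS Foundations Benchmark gives for root account activity.
  pattern = "{ $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }"

  metric_transformation {
    name      = "RootAccountUsage" # assumed metric name
    namespace = "CISBenchmark"     # documented default of cloudwatch_namespace
    value     = "1"                # each matching event counts once
  }
}

# Fires on the first matching event in a five-minute window.
resource "aws_cloudwatch_metric_alarm" "root_usage" {
  alarm_name          = "example-root-account-usage" # assumed name
  alarm_description   = "Root account activity seen in CloudTrail."
  namespace           = "CISBenchmark"
  metric_name         = "RootAccountUsage"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"

  # The filter emits no data when nothing matches, so missing data must not
  # be treated as a breach or leave the alarm stuck in INSUFFICIENT_DATA.
  treat_missing_data = "notBreaching"

  alarm_actions = [var.sns_topic_arn]
}
```

The alarm only sees events that reach the log group, so the trail feeding it must include management events from every region you expect to monitor.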

# Examples
### Complete
```hcl
module "example" {
  source = "../../"

  prefix = "root"
}
```