https://github.com/wearetechnative/terraform-aws-module-cloudtrail
https://github.com/wearetechnative/terraform-aws-module-cloudtrail
Last synced: 5 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/wearetechnative/terraform-aws-module-cloudtrail
- Owner: wearetechnative
- License: apache-2.0
- Created: 2024-12-03T10:05:04.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-18T11:21:17.000Z (over 1 year ago)
- Last Synced: 2025-02-18T12:24:53.620Z (over 1 year ago)
- Language: HCL
- Size: 164 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform AWS [cloudtrail]
This module implements an extended CloudTrail setup to debug issues with customers.
[](https://www.technative.nl)
## How does it work
### First use after you clone this repository or when .pre-commit-config.yaml is updated
Run `pre-commit install` to install any guardrails implemented using pre-commit.
See [pre-commit installation](https://pre-commit.com/#install) on how to install pre-commit.
BEWARE: Some data level logging is enabled as well by default.
## Usage
To use this module see below. It only requires a name and KMS key reference.
Make sure you also set this up on us-east-1 to capture any global resource activity.
```hcl
module "cloudtrail" {
source = "git@github.com:TechNative-B-V/terraform-aws-module-cloudtrail.git?ref=bcf75a7fa6f7b891993936290059efb7d16a7490"
name = "debug"
kms_key_arn = module.athena_kms.kms_key_arn
enable_organization_trail = false
}
```
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >=4.21.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [this](#module\_this) | git@github.com:TechNative-B-V/terraform-aws-module-s3.git/ | d23eda80e3de956f30f176fc1f2e0cdfa3ac3ae8 |
## Resources
| Name | Type |
|------|------|
| [aws_cloudtrail.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
| [aws_arn.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.cloudtrail_account_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cloudtrail_base_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cloudtrail_organization_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.cloudtrail_s3_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [enable\_organization\_trail](#input\_enable\_organization\_trail) | Use organization trail, requires management account. Disables object level events to prevent cost increase. | `bool` | `false` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key to use for encrypting CloudTrail S3 logs. | `string` | n/a | yes |
| [name](#input\_name) | Prefix name for DynamoDB. Must be unique within the region. | `string` | n/a | yes |
## Outputs
No outputs.