# terraform-aws-cloudtrail-logging

Configure CloudTrail logging to CloudWatch Logs and S3. When used with the CloudTrail Bucket module, this configures CloudTrail logging with a KMS CMK as required by CIS.

Logs can easily be centralized into a dedicated security logging account by creating the bucket in that single account and referencing its bucket name and KMS key from every other account.
## Usage

```hcl
module "cloudtrail-logging" {
  source            = "git::https://github.com/rhythmictech/terraform-cloudtrail-logging"
  region            = var.region
  cloudtrail_bucket = module.cloudtrail-bucket.bucket_name
  kms_key_id        = module.cloudtrail-bucket.kms_key_id
}
```
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloudtrail_bucket | Name of bucket for CloudTrail logs | string | n/a | yes |
| cloudtrail_name | Name for the CloudTrail | string | `"cloudtrail-all"` | no |
| kms_key_id | KMS key ARN to use for encrypting CloudTrail logs | string | n/a | yes |
| log_group_name | Name for CloudTrail log group | string | `"cloudtrail2cwl"` | no |
| region | Region that CloudWatch logging and the S3 bucket will live in | string | n/a | yes |
| retention_in_days | How long CloudTrail logs should be retained in CloudWatch (does not affect S3 storage). Set to -1 for indefinite storage. | number | `"7"` | no |
## Outputs

| Name | Description |
|------|-------------|
| cloudwatch_loggroup_arn | The ARN of the CloudWatch log group |
| cloudwatch_loggroup_name | The name of the CloudWatch log group |
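The centralized setup described above, carried one step further as an added example (not part of this module or its README): a member account points the module at a bucket and CMK owned by the security account, then uses the `cloudwatch_loggroup_name` output to attach a CIS-style root-usage metric filter and alarm. The variables, the `cloudtrail-member` names and the SNS topic are assumptions for the example.

```hcl
# Added example, not from the module. Assumes the security account already owns
# the bucket and CMK and that this configuration is applied in a member account.
variable "region"              { type = string }
variable "central_bucket_name" { type = string } # bucket in the security account
variable "central_kms_key_arn" { type = string } # CMK in the security account
variable "alarm_topic_arn"     { type = string } # SNS topic that receives alerts

provider "aws" {
  region = var.region
}

module "cloudtrail-logging" {
  source            = "git::https://github.com/rhythmictech/terraform-cloudtrail-logging"
  region            = var.region
  cloudtrail_bucket = var.central_bucket_name
  kms_key_id        = var.central_kms_key_arn
  cloudtrail_name   = "cloudtrail-member"
  log_group_name    = "cloudtrail-member"
  retention_in_days = 90 # CloudWatch copy only; the S3 copy follows the bucket's lifecycle
}

# Detection on the log group the module creates: count direct use of the root
# account (not actions an AWS service performed on its behalf).
resource "aws_cloudwatch_log_metric_filter" "root_usage" {
  name           = "RootAccountUsage"
  log_group_name = module.cloudtrail-logging.cloudwatch_loggroup_name
  pattern        = "{ $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }"

  metric_transformation {
    name      = "RootAccountUsageCount"
    namespace = "CISBenchmark"
    value     = "1"
  }
}

# Alarm as soon as a single root event lands in any 5-minute window.
resource "aws_cloudwatch_metric_alarm" "root_usage" {
  alarm_name          = "cis-root-account-usage"
  namespace           = "CISBenchmark"
  metric_name         = "RootAccountUsageCount"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching"
  alarm_actions       = [var.alarm_topic_arn]
}
```

The security account's bucket policy and KMS key policy must grant `cloudtrail.amazonaws.com` write and encrypt access for the member account before the trail will deliver logs.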
## Related Projects