| 1234567891011121314151617 |
- # Sets up a cloudtrail that keeps 7 days locally in cloudwatch logs and also sends everything to a bucket in C2
- module "cloudtrail-logging" {
- source = "../../thirdparty/terraform-aws-cloudtrail-logging"
- region = var.aws_region
- cloudtrail_name = "xdr-centralized-cloudtrail"
- cloudtrail_bucket = "xdr-cloudtrail-logs-${local.logging_environment}"
- iam_path = "/aws_services/"
- # kms broken in us-gov-east-1: Reenable after 11/15/2021
- kms_key_id = var.cloudtrail_key_arn
- log_group_name = var.log_group_name
- retention_in_days = 7 # Days available in the local account cloudtrail logs. See the S3 bucket for retention there.
- # Uncomment to enable object level logging. If specifying individual buckets, be sure to end with a `/'
- # This is not enabled by default due to the recursive nature: A log is written, splunk reads it, which results in a log being written.
- # This is not a CIS requirement.
- #s3_object_level_buckets = [ "arn:${var.aws_partition}:s3:::" ]
- lambda_functions = [ "arn:${var.aws_partition}:lambda" ]
- }
|
