AFS
/
xdr-terraform-modules


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							resource "aws_cloudwatch_log_group" "SubordinateCACloudTrailAnalysis" {
  provider = aws.common # COMMON SERVICES
  name     = "SubordinateCACloudTrailAnalysis"
}

resource "aws_iam_role" "subordinate_ca_cloudtrail_role" {
  provider           = aws.common # COMMON SERVICES
  name               = "subordinate_ca_cloudtrail_role"
  assume_role_policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Service": "cloudtrail.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
}
EOF
}

resource "aws_iam_role_policy" "allow_stream_policy" {
  provider = aws.common # COMMON SERVICES
  name     = "allow_stream_change"
  role     = aws_iam_role.subordinate_ca_cloudtrail_role.id

  policy = <<EOF
{
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Action": [
                  "logs:CreateLogStream",
                  "logs:PutLogEvents"
              ],
              "Resource": [
                "${aws_cloudwatch_log_group.SubordinateCACloudTrailAnalysis.arn}"
              ]
          }
      ]
}
EOF
}

resource "aws_sns_topic" "subordinate_ca_notification" {
  provider = aws.common # COMMON SERVICES
  name     = "SubordinateCANotification"
}

resource "aws_sns_topic_subscription" "subordinate_ca_notification" {
  provider  = aws.common # COMMON SERVICES
  for_each  = local.recipients
  topic_arn = aws_sns_topic.subordinate_ca_notification.arn
  protocol  = "email"
  endpoint  = each.value
}


#resource "aws_cloudwatch_log_metric_filter" "rootEvent" {
#  name           = "Root_Account_Login"
#  pattern        = <<EOF
#{ ($.eventSource = "signin.amazonaws.com" ) && ( $.userIdentity.type = "Root" ) }
#EOF
#  log_group_name = "${aws_cloudwatch_log_group.SubordinateCACloudTrailAnalysis.name}"
#
#  metric_transformation {
#    name      = "${var.thiseventname}"
#    namespace = "${var.thisnamespace}"
#    value     = "1"
#  }
#}

data "aws_caller_identity" "current" {}
data "aws_iam_account_alias" "current" {}

#resource "aws_cloudwatch_metric_alarm" "rootAlarm" {
#  alarm_name          = "Root_Account_Login"
#  comparison_operator = "GreaterThanOrEqualToThreshold"
#  evaluation_periods  = "1"
#  metric_name         = "${var.thiseventname}"
#  namespace           = "${var.thisnamespace}"
#  period              = "300"
#  statistic           = "Sum"
#  threshold           = "1"

#  alarm_description = "in the AWS account with id = ${data.aws_caller_identity.current.account_id} and alias = ${data.aws_iam_account_alias.current.account_alias} the root user logged in"
#  alarm_actions     = ["${aws_sns_topic.subordinate_ca_notification.arn}"]
#}