README.md 1.6 KB
terraform-aws-cloudtrail-bucket
Create and manage a bucket suitable for encrypted CloudTrail logging. Supports inbound logging from multiple accounts through the allowed_account_ids var.
Usage
module "cloudtrail-bucket" {
source = "git::https://github.com/rhythmictech/terraform-aws-cloudtrail-bucket"
logging_bucket = module.s3logging-bucket.s3logging_bucket_name
region = var.region
}
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_account_ids | Optional list of AWS Account IDs that are permitted to write to the bucket | list(string) | [] |
no |
| logging_bucket | S3 bucket with suitable access for logging requests to the cloudtrail bucket | string | n/a | yes |
| region | Region to create KMS key in | string | n/a | yes |
| tags | Mapping of any extra tags you want added to resources | map(string) | {} |
no |
Outputs
| Name | Description |
|---|---|
| kms_key_id | KMS key used by cloudtrail |
| s3_bucket_arn | The ARN of the bucket |
| s3_bucket_name | The name of the bucket |