This module creates a CloudTrail trail in organization mode with encryption enabled.
It deploys two buckets, one as the trail storage and another for bucket logging, plus a KMS key for server-side encryption of the trails and logs.

```hcl
module "cloudtrail" {
  source     = "github.com:davejfranco/terraform-aws-cloudtrail.git"
  user       = "terraform"
  trail_name = "audit_trail"
}
```

Name | Version |
---|---|
terraform | >= 1.2.3 |
aws | ~> 4.32.0 |

No modules.

Name | Type |
---|---|
aws_s3_bucket.this | resource |
aws_s3_bucket_public_access_block.this | resource |
aws_s3_bucket.this_access_log | resource |
aws_s3_bucket_public_access_block.this_access_log | resource |
aws_s3_bucket_acl.this_access_log_acl | resource |
aws_s3_bucket_logging.this | resource |
aws_iam_policy_document.this | data source |
aws_s3_bucket_policy.this | resource |
aws_iam_policy_document.kms_key | data source |
aws_kms_key.this | resource |
aws_kms_alias.this | resource |
aws_cloudwatch_log_group.trail_log | resource |
aws_iam_policy_document.cloudtrail_trust | data source |
aws_iam_policy_document.cloudwatch_log_policy | data source |
aws_iam_policy.cloudwatch_log_policy | resource |
aws_iam_role.trail_role | resource |
aws_iam_role_policy_attachment.trail_attachment | resource |
aws_cloudtrail.this | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
trail_name | name of the trail | string | n/a | yes |
user | name of the IAM user applying terraform | string | n/a | yes |

Name | Description |
---|---|
trail_id | CloudTrail ID |
kms_key_alias | Alias of the KMS key |
cloud_watch_logs_group_name | Name of the cloudwatch log group |
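
One way to confirm after `terraform apply` that the deployed resources match the description above (an added example, not part of this module's code): the script reads `terraform show -json` output and checks that the trail is KMS-encrypted and organization-wide and that each bucket has a public access block with all four flags set. The sample state, bucket names and key ARN are constructed; the `module.cloudtrail` address assumes the usage block shown earlier.

```python
import json
import sys

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
NAMES = ("this", "this_access_log")  # resource names from the table above

def res(rtype, name, **values):  # one entry shaped like `terraform show -json`
    return {"address": f"module.cloudtrail.{rtype}.{name}",
            "type": rtype, "name": name, "values": values}

# Constructed sample state (not from a real deployment); all values are made up.
ALL_ON = dict.fromkeys(PAB_FLAGS, True)
SAMPLE_STATE = {"values": {"root_module": {"child_modules": [{
    "address": "module.cloudtrail", "resources": [
        res("aws_cloudtrail", "this", is_organization_trail=True,
            kms_key_id="arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"),
        *[res("aws_s3_bucket", n, bucket=f"example-{n}") for n in NAMES],
        *[res("aws_s3_bucket_public_access_block", n,
              bucket=f"example-{n}", **ALL_ON) for n in NAMES],
    ]}]}}}

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(state):
    """Return findings; an empty list means every checked property holds."""
    resources = list(walk(state.get("values", {}).get("root_module", {})))
    trails = [r for r in resources if r["type"] == "aws_cloudtrail"]
    findings = [] if trails else ["no aws_cloudtrail resource in state"]
    for t in trails:
        if not t["values"].get("kms_key_id"):
            findings.append(f"{t['address']}: trail is not KMS-encrypted")
        if not t["values"].get("is_organization_trail"):
            findings.append(f"{t['address']}: not an organization trail")
    fully_blocked = {r["values"].get("bucket") for r in resources
                     if r["type"] == "aws_s3_bucket_public_access_block"
                     and all(r["values"].get(f) for f in PAB_FLAGS)}
    for b in (r for r in resources if r["type"] == "aws_s3_bucket"):
        if b["values"].get("bucket") not in fully_blocked:
            findings.append(f"{b['address']}: public access not fully blocked")
    return findings

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    print("\n".join(audit(state)) or "all checks passed")
```

To check a real deployment, save the output of `terraform show -json` to a file and pass its path as the first argument.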