davejfranco / terraform-aws-cloudtrail

A Terraform module to deploy CloudTrail with support for AWS Organizations and KMS

terraform-aws-cloudtrail

This module creates a CloudTrail trail in organization mode with encryption enabled.

How to use the module

The module deploys two S3 buckets, one for trail storage and one for bucket access logging, plus a KMS key for server-side encryption of the trails and logs.

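```hcl
module "cloudtrail" {
  # GitHub module source; Terraform expects "/" after the host in this form
  source = "github.com/davejfranco/terraform-aws-cloudtrail"

  user       = "terraform"   # name of the IAM user applying Terraform
  trail_name = "audit_trail" # name of the trail
}
```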
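A post-deploy check for the properties described above (organization mode, KMS encryption, S3 storage, CloudWatch Logs delivery), as an added example that is not part of the module or its repository. It assumes the input is the JSON printed by `aws cloudtrail describe-trails`; the sample document, ARNs, account id and bucket names below are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws cloudtrail describe-trails` output.
# ARNs, account id and bucket names are placeholders, not values from the module.
SAMPLE = json.loads("""
{
  "trailList": [
    {
      "Name": "audit_trail",
      "S3BucketName": "example-trail-bucket",
      "IsOrganizationTrail": true,
      "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE",
      "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:example:*",
      "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/example"
    },
    {
      "Name": "legacy_trail",
      "S3BucketName": "example-legacy-bucket",
      "IsOrganizationTrail": false
    }
  ]
}
""")

# Properties the README promises, mapped to DescribeTrails response fields.
CHECKS = [
    ("IsOrganizationTrail", lambda v: v is True, "trail is not in organization mode"),
    ("KmsKeyId", bool, "no KMS key: log files are not SSE-KMS encrypted"),
    ("S3BucketName", bool, "no S3 bucket configured for trail storage"),
    ("CloudWatchLogsLogGroupArn", bool, "no CloudWatch Logs group attached"),
    ("CloudWatchLogsRoleArn", bool, "no IAM role for CloudWatch Logs delivery"),
]

def audit_trail(describe_output, trail_name):
    """Return a list of findings for trail_name; an empty list means it matches."""
    trails = {t.get("Name"): t for t in describe_output.get("trailList", [])}
    trail = trails.get(trail_name)
    if trail is None:
        return [f"trail {trail_name!r} not found"]
    return [msg for field, ok, msg in CHECKS if not ok(trail.get(field))]

if __name__ == "__main__":
    for name in ("audit_trail", "legacy_trail", "missing_trail"):
        findings = audit_trail(SAMPLE, name)
        print(name, "OK" if not findings else findings)
```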

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.3 |
| aws | ~> 4.32.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_s3_bucket.this | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket.this_access_log | resource |
| aws_s3_bucket_public_access_block.this_access_log | resource |
| aws_s3_bucket_acl.this_access_log_acl | resource |
| aws_s3_bucket_logging.this | resource |
| aws_iam_policy_document.this | data source |
| aws_s3_bucket_policy.this | resource |
| aws_iam_policy_document.kms_key | data source |
| aws_kms_key.this | resource |
| aws_kms_alias.this | resource |
| aws_cloudwatch_log_group.trail_log | resource |
| aws_iam_policy_document.cloudtrail_trust | data source |
| aws_iam_policy_document.cloudwatch_log_policy | data source |
| aws_iam_policy.cloudwatch_log_policy | resource |
| aws_iam_role.trail_role | resource |
| aws_iam_role_policy_attachment.trail_attachment | resource |
| aws_cloudtrail.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| trail_name | name of the trail | string | n/a | yes |
| user | name of the iam user applying terraform | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| trail_id | CloudTrail ID |
| kms_key_alias | Alias of the KMS key |
| cloud_watch_logs_group_name | Name of the cloudwatch log group |

License: MIT License


Languages

Language: HCL 100.0%