├── .deepsource.toml ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── example.tf ├── outputs.tf └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 
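* Use `closes #123` if this PR closes GitHub issue `#123` (GitHub's closing keywords only act on GitHub issues; reference Jira tickets by their key, e.g. `PROJ-123`, instead).

--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "terraform" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
    # Add assignees
    assignees:
      - "clouddrove-ci"
    # Add reviewer
    # Teams are given as ORG/TEAM, exactly as when @-mentioning them; a bare
    # "approvers" is looked up as a username, so the team is never requested.
    # CODEOWNERS in this repo uses @clouddrove/approvers, which is the team meant here.
    reviewers:
      - "clouddrove/approvers"
  - package-ecosystem: "terraform" # See documentation for possible values
    directory: "examples/" # Location of package manifests
    schedule:
      interval: "weekly"
    # Add assignees
    assignees:
      - "clouddrove-ci"
    # Add reviewer
    reviewers:
      - "clouddrove/approvers"
  # Keeps the refs of the reusable workflows under .github/workflows/ current once
  # they are pinned to a tag or commit SHA (Dependabot cannot bump a branch ref
  # such as `@master`, so pinning is a prerequisite for this entry to do anything).
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    assignees:
      - "clouddrove-ci"
    reviewers:
      - "clouddrove/approvers"
--------------------------------------------------------------------------------
/.github/workflows/auto_assignee.yml:
--------------------------------------------------------------------------------
---
name: Auto Assign PRs
on:
  pull_request:
    types: [opened, reopened]
  workflow_dispatch:
jobs:
  assignee:
    # NOTE(review): `@master` is a mutable ref — whatever is pushed to the shared
    # workflow's default branch runs here with this repo's GITHUB secret. Pin to a
    # release tag or, preferably, a full commit SHA and let Dependabot bump it.
    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
    secrets:
      GITHUB: ${{ secrets.GITHUB }}
    with:
      assignees: 'clouddrove-ci'
...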
--------------------------------------------------------------------------------
/.github/workflows/automerge.yml:
--------------------------------------------------------------------------------
---
name: Auto merge
on:
  pull_request:
jobs:
  auto-merge:
    # NOTE(review): this merges pull requests automatically once the single status
    # named in `tfcheck` is green, and it does so from a mutable `@master` ref of the
    # shared workflow using this repo's GITHUB token. Pin the ref to a tag or commit
    # SHA, and confirm the shared workflow limits auto-merge to trusted authors
    # (e.g. dependabot / clouddrove-ci) — the `pull_request` trigger here carries no
    # author filter, and the shared workflow's logic is not visible in this repo.
    uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master
    secrets:
      GITHUB: ${{ secrets.GITHUB }}
    with:
      tfcheck: 'tf-checks-example / Check code format'
...
--------------------------------------------------------------------------------
/.github/workflows/changelog.yml:
--------------------------------------------------------------------------------
---
name: changelog
# NOTE(review): `write-all` grants every scope (contents, packages, id-token, ...)
# to the GITHUB_TOKEN. Generating and pushing a changelog needs `contents: write`
# at most; narrow this once the shared workflow's actual needs are confirmed.
permissions: write-all
on:
  push:
    tags:
      - "*"
  workflow_dispatch:
jobs:
  changelog:
    # NOTE(review): `secrets: inherit` hands every repository and organisation
    # secret to a workflow fetched from a mutable branch. Pin the ref to a tag or
    # commit SHA and pass only the secrets the workflow needs, by name.
    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
    secrets: inherit
    with:
      branch: 'master'
...
--------------------------------------------------------------------------------
/.github/workflows/readme.yml:
--------------------------------------------------------------------------------
name: Readme Workflow
on:
  push:
    branches:
      - master
    paths-ignore:
      - 'README.md'
      - 'docs/**'
  workflow_dispatch:
jobs:
  README:
    # NOTE(review): runs a mutable `@master` ref with the GITHUB token and the
    # Slack webhook; pin the ref to a tag or commit SHA so a push to the shared
    # repo cannot silently change what receives these secrets.
    uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master
    secrets:
      TOKEN : ${{ secrets.GITHUB }}
      SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
--------------------------------------------------------------------------------
/.github/workflows/tf-checks.yml:
--------------------------------------------------------------------------------
---
name: tf-checks
on:
  push:
    branches: [ master ]
  pull_request:
  workflow_dispatch:
jobs:
  tf-checks-example:
    # NOTE(review): no `permissions:` block, so the job inherits the repository's
    # default GITHUB_TOKEN permissions. A format/validate check only needs
    # `contents: read`; declare that explicitly. Pin the shared-workflow ref to a
    # tag or commit SHA rather than `@master`.
    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
    with:
      working_directory: './examples/'
...
--------------------------------------------------------------------------------
/.github/workflows/tflint.yml:
--------------------------------------------------------------------------------
---
name: tf-lint
on:
  push:
    branches: [ master ]
  pull_request:
  workflow_dispatch:
jobs:
  tf-lint:
    # NOTE(review): mutable `@master` ref run with the GITHUB secret — pin it to a
    # tag or commit SHA.
    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
    secrets:
      GITHUB: ${{ secrets.GITHUB }}
...
--------------------------------------------------------------------------------
/.github/workflows/tfsec.yml:
--------------------------------------------------------------------------------
---
name: tfsec
# NOTE(review): `write-all` on a pull_request-triggered job. Uploading SARIF and
# commenting on the PR need at most `security-events: write`, `pull-requests: write`
# and `contents: read`; narrow this once the shared workflow's needs are confirmed.
permissions: write-all
on:
  pull_request:
  workflow_dispatch:
jobs:
  tfsec:
    # NOTE(review): `secrets: inherit` combined with a mutable `@master` ref exposes
    # every repository secret (on same-repo branches, where secrets are available)
    # to whatever the shared workflow's default branch currently contains. Pin the
    # ref and pass only the secrets the scan needs.
    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
    secrets: inherit
    with:
      working_directory: '.'
...
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# ignored files
*~

# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*

# KDE directory preferences
.directory

# Linux trash folder which might appear on any partition or disk
.Trash-*

# .nfs files are created when an open file is removed but is still being accessed
.nfs*
### Eclipse template

.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.settings/
.loadpath
.recommenders

# External tool builders
.externalToolBuilders/

# Locally stored "Eclipse launch configurations"
*.launch

# PyDev specific (Python IDE for Eclipse)
*.pydevproject

# CDT-specific (C/C++ Development Tooling)
.cproject 40 | 41 | # Java annotation processor (APT) 42 | .factorypath 43 | 44 | # PDT-specific (PHP Development Tools) 45 | .buildpath 46 | 47 | # sbteclipse plugin 48 | .target 49 | 50 | # Tern plugin 51 | .tern-project 52 | 53 | # TeXlipse plugin 54 | .texlipse 55 | 56 | # STS (Spring Tool Suite) 57 | .springBeans 58 | 59 | # Code Recommenders 60 | .recommenders/ 61 | 62 | # Scala IDE specific (Scala & Java development for Eclipse) 63 | .cache-main 64 | .scala_dependencies 65 | .worksheet 66 | ### Windows template 67 | # Windows thumbnail cache files 68 | Thumbs.db 69 | ehthumbs.db 70 | ehthumbs_vista.db 71 | 72 | # Dump file 73 | *.stackdump 74 | 75 | # Folder config file 76 | [Dd]esktop.ini 77 | 78 | # Recycle Bin used on file shares 79 | $RECYCLE.BIN/ 80 | 81 | # Windows Installer files 82 | *.cab 83 | *.msi 84 | *.msm 85 | *.msp 86 | 87 | # Windows shortcuts 88 | *.lnk 89 | ### Ansible template 90 | *.retry 91 | ### macOS template 92 | # General 93 | .DS_Store 94 | .AppleDouble 95 | .LSOverride 96 | 97 | # Icon must end with two \r 98 | Icon 99 | 100 | # Thumbnails 101 | ._* 102 | 103 | # Files that might appear in the root of a volume 104 | .DocumentRevisions-V100 105 | .fseventsd 106 | .Spotlight-V100 107 | .TemporaryItems 108 | .Trashes 109 | .VolumeIcon.icns 110 | .com.apple.timemachine.donotpresent 111 | 112 | # Directories potentially created on remote AFP share 113 | .AppleDB 114 | .AppleDesktop 115 | Network Trash Folder 116 | Temporary Items 117 | .apdisk 118 | ### Archives template 119 | # It's better to unpack these files and commit the raw source because 120 | # git has its own built in compression methods. 
*.7z
*.jar
*.rar
*.zip
*.gz
*.tgz
*.bzip
*.bz2
*.xz
*.lzma
*.cab

# Packing-only formats
*.iso
*.tar

# Package management formats
*.dmg
*.xpi
*.gem
*.egg
*.deb
*.rpm
*.msi
*.msm
*.msp
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839

/.idea/
# User-specific stuff:
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/dictionaries

# Sensitive or high-churn files:
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.xml
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml

# Gradle:
.idea/**/gradle.xml
.idea/**/libraries

# CMake
cmake-build-debug/

# Mongo Explorer plugin:
.idea/**/mongoSettings.xml

## File-based project format:
*.iws

## Plugin-specific files:

# IntelliJ
out/

# mpeltonen/sbt-idea plugin
.idea_modules/
# User-specific stuff:
.idea/*
# JIRA plugin
atlassian-ide-plugin.xml

# Cursive Clojure plugin
.idea/replstate.xml

# Terraform state — never commit: state files hold resource attributes in clear
# text, which for this module can include the CloudTrail bucket/KMS identifiers.
*.tfstate*

deployment/_logs/ansible-log.json
deployment/_logs/ansible-log.log
deployment/_logs/facts/*
deployment/_logs/retry/*
_app/*
ansible-log.json
.terraform
terraform.tfstate

*.tfstate
*.tfstate.backup
*.iml
# NOTE(review): ignoring the dependency lock file is conventional for a reusable
# module, but examples/ is a root module that CI runs (tf-checks uses
# working_directory './examples/'). Committing examples/.terraform.lock.hcl would pin
# provider versions and hashes for that run; consider un-ignoring it there.
*.terraform.lock.hcl
*.lock.hcl
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
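--------------------------------------------------------------------------------
repos:

  - repo: https://github.com/gruntwork-io/pre-commit
    rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
    hooks:
      - id: terraform-fmt
      - id: shellcheck
      - id: tflint

  # Fetched over https: the previous `git://` URL used the unauthenticated git
  # protocol (no transport integrity; GitHub stopped serving it in 2022), so
  # `pre-commit install` / `pre-commit autoupdate` could not clone the hooks at all.
  # `rev` tags are mutable; pin to a commit SHA if the hooks must be immutable.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.0.1 # Use the ref you want to point at
    hooks:
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: mixed-line-ending
      - id: check-byte-order-marker
      - id: check-executables-have-shebangs
      - id: check-merge-conflict
      - id: debug-statements
      - id: check-yaml
      - id: check-added-large-files
      # Blocks commits that contain PEM/SSH private keys — cheap protection for a
      # repo whose examples are run against real AWS accounts.
      - id: detect-private-key
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).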
6 | 7 | ## [1.4.2] - 2024-05-23 8 | ### :memo: Documentation Changes 9 | - [`6fc2afe`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/6fc2afee30e219d18040c446a54803d00b0d6ff9) - update CHANGELOG.md for 1.4.1 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 10 | 11 | 12 | ## [1.4.1] - 2024-05-16 13 | ### :sparkles: New Features 14 | - [`4c69281`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/4c692814d16d40a1829dd5db1fdd28da34def1e1) - s3_key_prefix attribute for cloudtrail *(PR [#26](https://github.com/clouddrove/terraform-aws-cloudtrail/pull/26) by [@h1manshu98](https://github.com/h1manshu98))* 15 | - [`96d1337`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/96d13371e40d6c2c1bc6c500362feed7e0b8216e) - Add automerge github shared workflow *(PR [#27](https://github.com/clouddrove/terraform-aws-cloudtrail/pull/27) by [@vaibhav7797](https://github.com/vaibhav7797))* 16 | - [`2ba5e13`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2ba5e1369129ee8f999b6b4650ca42a2a0053df3) - updated example path and readme paramters *(commit by [@VishwajitNagulkar](https://github.com/VishwajitNagulkar))* 17 | 18 | ### :bug: Bug Fixes 19 | - [`6ab6f6f`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/6ab6f6f9a8d1a460c7b197c1d79c5ca8f11629ea) - fixed cloudtrail log group creation issue *(PR [#30](https://github.com/clouddrove/terraform-aws-cloudtrail/pull/30) by [@nileshgadgi](https://github.com/nileshgadgi))* 20 | 21 | ### :memo: Documentation Changes 22 | - [`6d45226`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/6d452269e154aaef69987ac9fa16ec085c4eb741) - update CHANGELOG.md for 1.4.0 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 23 | 24 | 25 | ## [1.4.0] - 2023-07-19 26 | ### :sparkles: New Features 27 | - [`fbdd962`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/fbdd962bdd32cb3e9c585bcf6a40ec45bebb0da5) - add changelog.yml file and use 
shared-workflows *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 28 | - [`c3bc36c`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/c3bc36cea431a02087b7d5de12465b90319b72bc) - added dependabot.yml *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 29 | - [`74a9932`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/74a993255238361fb61421e83e6467dae0c483ca) - auto changelog action added *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 30 | - [`31ec785`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/31ec78548ae4b2e4e1f849b4f5effc716b846b24) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 31 | - [`4da6474`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/4da64740536f8d1ff21be39cb7f5f3f933df9dfa) - dynamic values and fixed main file *(commit by [@anmolnagpal](https://github.com/anmolnagpal))* 32 | 33 | ### :bug: Bug Fixes 34 | - [`a2a5a9b`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/a2a5a9bf615061fd9f2956efd5c96fc55ad0b9d5) - update s3 for label and data for name *(commit by [@nileshgadgi](https://github.com/nileshgadgi))* 35 | - [`dd0c134`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/dd0c134f492d98e744144e205906483d29165e00) - update local variables *(commit by [@nileshgadgi](https://github.com/nileshgadgi))* 36 | - [`3730c0f`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/3730c0f63aec0078a8521cadebc8f7f9ba5f7667) - pass direct value in name and env of bucket in examlpe *(commit by [@nileshgadgi](https://github.com/nileshgadgi))* 37 | 38 | 39 | ## [1.3.0] - 2022-02-22 40 | ### :bug: Bug Fixes 41 | - [`66ed839`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/66ed839f98b3743b89561e530a85ae7aa89e328c) - update README.md . 
42 | 43 | ## [1.0.1] - 2022-05-13 44 | ### :bug: Bug Fixes 45 | - [`7ac1ceb`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/7ac1cebf7c5b651918c392cdb936aca74d1de405) - use terraform letast version 46 | 47 | 48 | ## [0.15.0] - 2021-10-16 49 | ### :bug: Bug Fixes 50 | - [`1c2adf6`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/1c2adf613f8343a1b7cc4af3c59a61db797e6fe5) - github-action Update,update-license 51 | 52 | 53 | ## [0.14.0] - 2021-05-15 54 | ### :sparkles: New Features 55 | - [`2be3a30`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2be3a30f56ba82bb6344e93b44346dbb354b0f65) - enabled multi region deployment 56 | - [`c63350d`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/c63350dcfd77036aea553c95ced761bb8f61d490) - added Support for 0.15 57 | - [`d970727`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/d9707272e41744191068c9f8fbd9112bc005d578) - add logs group 58 | 59 | ## [0.13.0] - 2020-10-26 60 | ### :sparkles: New Features 61 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 62 | - [`a3fcfb2`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/a3fcfb28cc3de32f6dc6da883bdab1995d7902e6) - add group arn 63 | - [`f2f6133`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/f2f613389b731f8cfdf8bf4b64c2090a846953fa) - is_multi_region_trail var default for true 64 | - [`2be3a30`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2be3a30f56ba82bb6344e93b44346dbb354b0f65) - enabled multi region deployment 65 | - [`c63350d`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/c63350dcfd77036aea553c95ced761bb8f61d490) - added Support for 0.15 66 | 67 | 68 | ## [0.12.5] - 2020-10-05 69 | ### :bug: Bug Fixes 70 | - [`acd9fd8`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/acd9fd8db6cff43256a6374e0b95dafef06a9fc4) - updated and 
upgraded 71 | - [`4ab05da`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/4ab05da4933040697012068e5435fa5594e9503d) - upgrade terraform version to 0.13.0 and add pipelines 72 | 73 | ### :sparkles: New Features 74 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 75 | - [`a3fcfb2`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/a3fcfb28cc3de32f6dc6da883bdab1995d7902e6) - add group arn 76 | - [`f2f6133`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/f2f613389b731f8cfdf8bf4b64c2090a846953fa) - is_multi_region_trail var default for true 77 | - [`2be3a30`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2be3a30f56ba82bb6344e93b44346dbb354b0f65) - enabled multi region deployment 78 | - [`d970727`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/d9707272e41744191068c9f8fbd9112bc005d578) - add logs group 79 | 80 | 81 | ## [0.12.4] - 2020-05-24 82 | ### :bug: Bug Fixes 83 | - [`ff43849`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ff438494fa606cdb97aa7a4689f58caec25c246f) - update log roup arn 84 | - [`cdbadc8`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/cdbadc82b013a17a565798a277e6ef08ada48202) - updated and upgraded 85 | 86 | ### :sparkles: New Features 87 | - [`43494ed`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/43494edce1dd3110561322aa754ce298c1235eb9) - Revert "update log roup arn" 88 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 89 | - [`2be3a30`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2be3a30f56ba82bb6344e93b44346dbb354b0f65) - enabled multi region deployment 90 | - [`d970727`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/d9707272e41744191068c9f8fbd9112bc005d578) - add logs group 91 | 92 | 
93 | ## [0.12.3] - 2020-04-25 94 | ### :bug: Bug Fixes 95 | - [`ff43849`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ff438494fa606cdb97aa7a4689f58caec25c246f) - update log roup arn 96 | 97 | ### :sparkles: New Features 98 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 99 | - [`f2f6133`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/f2f613389b731f8cfdf8bf4b64c2090a846953fa) -is_multi_region_trail var default for true 100 | - [`2fa6a3b`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2fa6a3bb1eca0a987aedd5c3b26e0effe55767d7) -small correction 101 | 102 | ## [0.12.2] - 2019-09-25 103 | ### :bug: Bug Fixes 104 | - [`e1f33f5`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/e1f33f575fac069c2b559af580294982a940e1a5) - fix labels managedby variables 105 | - [`ff43849`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ff438494fa606cdb97aa7a4689f58caec25c246f) - update log roup arn 106 | 107 | ### :sparkles: New Features 108 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 109 | - [`f2f6133`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/f2f613389b731f8cfdf8bf4b64c2090a846953fa) - is_multi_region_trail var default for true 110 | 111 | ## [0.12.1] - 2019-09-05 112 | ### :bug: Bug Fixes 113 | - [`2ff2702`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2ff27020bd7c3b3c86e2d6f0f13edb5eb3cb7964) - change output syntax 114 | - [`73c1e39`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/73c1e39fa4919ed916744f1d8a61fd8acb2b6a10) - bug fix 115 | - [`ba9b774`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ba9b7748d53ab7dad719d7c2362ac5fb64b038cd) - update log roup arn 116 | 117 | ### :sparkles: New Features 118 | - 
[`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 119 | - [`a3fcfb2`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/a3fcfb28cc3de32f6dc6da883bdab1995d7902e6) - add group arn 120 | 121 | 122 | ## [0.12.0] - 2019-08-12 123 | ### :bug: Bug Fixes 124 | - [`2ff2702`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/2ff27020bd7c3b3c86e2d6f0f13edb5eb3cb7964) - change output syntax 125 | - [`e1f33f5`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/e1f33f575fac069c2b559af580294982a940e1a5) - fix labels managedby variables 126 | - [`ff43849`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ff438494fa606cdb97aa7a4689f58caec25c246f) - update log roup arn 127 | 128 | ### :sparkles: New Features 129 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 130 | 131 | 132 | ## [0.11.0] - 2019-08-12 133 | ### :bug: Bug Fixes 134 | - [`ff43849`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/ff438494fa606cdb97aa7a4689f58caec25c246f) - update log roup arn 135 | - [`43494ed`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/43494edce1dd3110561322aa754ce298c1235eb9) - Revert "update log roup arn" 136 | 137 | ### :sparkles: New Features 138 | - [`0057601`](https://github.com/clouddrove/terraform-aws-cloudtrail/commit/0057601cd6780d4b18066769073abc2beaf69725) - add event_selector as a varible 139 | 140 | 141 | [0.11.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.11.0...master 142 | [0.12.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.0...master 143 | [0.12.1]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.1...master 144 | [0.12.2]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.2...master 145 | [0.12.3]: 
https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.3...master 146 | [0.12.4]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.4...master 147 | [0.12.5]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.12.5...master 148 | [0.13.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.13.0...master 149 | [0.14.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.14.0...master 150 | [0.15.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/0.15.0...master 151 | [1.0.1]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/1.0.1...master 152 | [1.3.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/releases/tag/1.3.0 153 | [1.4.0]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/1.3.0...1.4.0 154 | [1.4.1]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/1.4.0...1.4.1 155 | [1.4.2]: https://github.com/clouddrove/terraform-aws-cloudtrail/compare/1.4.1...1.4.2 156 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [][website] 3 |
8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |
We are The Cloud Experts!
181 |We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name: Terraform AWS Cloudtrail 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-cloudtrail 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-cloudtrail.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-cloudtrail/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-cloudtrail/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-cloudtrail/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.1" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.21.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: 
https://github.com/clouddrove/terraform-aws-labels 44 | description: Provides resource tagging. 45 | 46 | # description of this project 47 | # yamllint disable rule:line-length 48 | description: |- 49 | Terraform module to provision an AWS CloudTrail with encrypted S3 bucket. This bucket is used to store CloudTrail logs. 50 | 51 | # extra content 52 | include: 53 | - "terraform.md" 54 | 55 | # How to use this project 56 | # yamllint disable rule:line-length 57 | usage: |- 58 | ### Simple Example 59 | Here is an example of how you can use this module in your inventory structure: 60 | ```hcl 61 | module "cloudtrail" { 62 | source = "clouddrove/cloudtrail/aws" 63 | version = "1.3.0" 64 | 65 | name = "cloudtrail" 66 | environment = "security" 67 | label_order = ["name", "environment"] 68 | s3_bucket_name = "s3-logs" 69 | enable_logging = true 70 | enable_log_file_validation = true 71 | include_global_service_events = true 72 | is_multi_region_trail = false 73 | log_retention_days = 90 74 | } 75 | ``` 76 | -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | attributes | Additional attributes (e.g. `1`). | `list(string)` | `[]` | no | 6 | | cloud\_watch\_logs\_group\_arn | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered. | `string` | `""` | no | 7 | | cloud\_watch\_logs\_role\_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group. | `string` | `""` | no | 8 | | cloudwatch\_log\_group\_name | The name of the CloudWatch Log Group that receives CloudTrail events. | `string` | `"cloudtrail-events"` | no | 9 | | data\_resource\_type | The resource type in which you want to log data events. 
You can specify only the following value: `AWS::S3::Object` `AWS::Lambda::Function`. | `string` | `"AWS::S3::Object"` | no | 10 | | data\_resource\_values | Specifies an event selector for enabling data event logging, It needs to be a list of map values. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable. | `list(string)` | `[]` | no | 11 | | enable\_cloudwatch | If true, deploy the resources for cloudwatch in the module. | `bool` | `true` | no | 12 | | enable\_log\_file\_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs. | `bool` | `true` | no | 13 | | enable\_logging | Enable logging for the trail. | `bool` | `true` | no | 14 | | enabled\_cloudtrail | If true, deploy the resources for the module. | `bool` | `true` | no | 15 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 16 | | event\_selector | Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. | `bool` | `true` | no | 17 | | event\_selector\_data\_resource | Specifies logging data events. Fields documented below. | `bool` | `false` | no | 18 | | iam\_role\_name | Name for the CloudTrail IAM role | `string` | `"cloudtrail-cloudwatch-logs-role"` | no | 19 | | include\_global\_service\_events | Specifies whether the trail is publishing events from global services such as IAM to the log files. | `bool` | `true` | no | 20 | | include\_management\_events | Specify if you want your event selector to include management events for your trail. 
| `bool` | `true` | no | 21 | | insight\_selector | Specifies an insight selector for type of insights to log on a trail | `list(object({ insight_type = string }))` | `[]` | no | 22 | | is\_multi\_region\_trail | Specifies whether the trail is created in the current region or in all regions | `bool` | `false` | no | 23 | | is\_organization\_trail | The trail is an AWS Organizations trail. | `bool` | `false` | no | 24 | | key\_deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource, must be 7-30 days. Default 30 days. | `string` | `30` | no | 25 | | kms\_enabled | If true, deploy the resources for kms in the module. Note: Supports in only single cloudtrail management. | `bool` | `false` | no | 26 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` | `["name", "environment"]` | no | 27 | | log\_retention\_days | Number of days to keep AWS logs around in specific log group. | `string` | `90` | no | 28 | | managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | 29 | | name | Name (e.g. `app` or `cluster`). | `string` | n/a | yes | 30 | | read\_write\_type | Specify if you want your trail to log read-only events, write-only events, or all. By default, the value is All. | `string` | `"All"` | no | 31 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-cloudtrail"` | no | 32 | | s3\_bucket\_name | S3 bucket name for CloudTrail log. | `string` | `""` | no | 33 | | s3\_key\_prefix | (Optional) S3 key prefix that follows the name of the bucket you have designated for log file delivery. | `string` | `""` | no | 34 | | sns\_topic\_name | Specifies the name of the Amazon SNS topic defined for notification of log file delivery. | `string` | `null` | no | 35 | 36 | ## Outputs 37 | 38 | | Name | Description | 39 | |------|-------------| 40 | | arn | The Amazon Resource Name of the trail. | 41 | | home\_region | The region in which the trail was created. | 42 | | id | The name of the trail. | 43 | | tags | A mapping of tags to assign to the resource. 
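|

--------------------------------------------------------------------------------
/examples/example.tf:
--------------------------------------------------------------------------------
# Example: one trail delivering to a dedicated, versioned S3 log bucket.
provider "aws" {
  region = local.region
}

locals {
  region      = "eu-west-1"
  name        = "bucket-logs"
  environment = "security"
}

# Log bucket. Versioning stays on so delivered log objects cannot be silently
# overwritten; force_destroy is only set because this is a disposable example.
module "s3_logs" {
  source  = "clouddrove/s3/aws"
  version = "2.0.0"

  name                    = "${local.name}-bucket-logs"
  environment             = local.environment
  versioning              = true
  acl                     = "log-delivery-write"
  bucket_policy           = true
  aws_iam_policy_document = data.aws_iam_policy_document.default.json
  force_destroy           = true # example only: keep false for a real audit-log bucket
}

module "cloudtrail" {
  source = "../"

  name                          = "${local.name}-cloudtrail"
  environment                   = local.environment
  s3_bucket_name                = module.s3_logs.id
  include_global_service_events = true
  is_organization_trail         = false
  log_retention_days            = 90
}

# Bucket policy granting the CloudTrail service principal exactly the two calls
# it needs: read the bucket ACL and write objects under AWSLogs/.
data "aws_iam_policy_document" "default" {
  statement {
    sid    = "cloudtrail-logs-get-bucket-acl"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    actions   = ["s3:GetBucketAcl"]
    resources = ["arn:aws:s3:::${module.s3_logs.id}"]
  }

  statement {
    sid    = "cloudtrail-logs-put-object"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${module.s3_logs.id}/AWSLogs/*"]
    # Delivered objects must be owned by the bucket owner, not the service.
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
    # NOTE(review): an aws:SourceArn condition naming the trail would narrow this
    # statement to one trail; omitted here because the trail ARN is only known
    # after the trail exists.
  }
}
--------------------------------------------------------------------------------
/examples/outputs.tf:
--------------------------------------------------------------------------------
output "cloudtrail_id" {
  value       = module.cloudtrail.id
  description = "The name of the trail"
}

output "cloudtrail_arn" {
  value       = module.cloudtrail.arn
  description = "The Amazon Resource Name of the trail"
}

output "cloudtrail_home_region" {
  value       = module.cloudtrail.home_region
  description = "The region in which the trail was created"
}

output "tags" {
  value       = module.cloudtrail.tags
  description = "A mapping of tags to assign to the Cloudtrail."
}
--------------------------------------------------------------------------------
/examples/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.21.0"
    }
  }
}
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
# Managed By : CloudDrove
# Description : This Script is used to create CloudTrail.
# Copyright @ CloudDrove. All Right Reserved.

#Module      : Labels
#Description : Generates the consistent resource name (module.labels.id) and
#              tag set (module.labels.tags) applied to everything below.
module "labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  name        = var.name
  repository  = var.repository
  environment = var.environment
  managedby   = var.managedby
  attributes  = var.attributes
  label_order = var.label_order
}

data "aws_caller_identity" "current" {}

data "aws_partition" "current" {}

data "aws_region" "current" {}

locals {
  # Root principal of the deploying account. Used in the KMS key policy instead
  # of "*": an unconditioned "*" principal in a key policy allows principals
  # from any account (subject to their own IAM policies) to use the key.
  account_root_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"

  # ARN of the log group this module creates when enable_cloudwatch is true.
  cloudwatch_log_group_arn = "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${var.cloudwatch_log_group_name}"

  # Key ARN when kms_enabled, otherwise null so the attribute is left unset.
  kms_key_arn = one(aws_kms_key.cloudtrail[*].arn)

  # CloudWatch delivery targets: an explicitly supplied ARN wins; otherwise the
  # role / log group created by this module are used; "" when neither exists.
  cloud_watch_logs_role_arn  = var.cloud_watch_logs_role_arn != "" ? var.cloud_watch_logs_role_arn : join("", aws_iam_role.cloudtrail_cloudwatch_role[*].arn)
  cloud_watch_logs_group_arn = var.cloud_watch_logs_group_arn != "" ? var.cloud_watch_logs_group_arn : join("", aws_cloudwatch_log_group.cloudtrail[*].arn)
}

#Module      : CLOUDTRAIL
#Description : Terraform module to provision an AWS CloudTrail with encrypted S3 bucket.
#              This bucket is used to store CloudTrail logs.
resource "aws_cloudtrail" "default" {
  count = var.enabled_cloudtrail ? 1 : 0

  name                          = module.labels.id
  enable_logging                = var.enable_logging
  s3_bucket_name                = var.s3_bucket_name
  s3_key_prefix                 = var.s3_key_prefix
  enable_log_file_validation    = var.enable_log_file_validation
  is_multi_region_trail         = var.is_multi_region_trail
  include_global_service_events = var.include_global_service_events
  is_organization_trail         = var.is_organization_trail
  sns_topic_name                = var.sns_topic_name
  tags                          = module.labels.tags

  # CloudTrail expects the log-group ARN with a trailing ":*".
  cloud_watch_logs_role_arn  = local.cloud_watch_logs_role_arn
  cloud_watch_logs_group_arn = local.cloud_watch_logs_group_arn != "" ? format("%s:*", local.cloud_watch_logs_group_arn) : ""

  # SSE-KMS for the delivered log files (null = AWS-managed S3 encryption).
  kms_key_id = local.kms_key_arn

  dynamic "event_selector" {
    for_each = var.event_selector ? [true] : []
    content {
      read_write_type           = var.read_write_type
      include_management_events = var.include_management_events
      dynamic "data_resource" {
        for_each = var.event_selector_data_resource ? ["true"] : []
        content {
          type   = var.data_resource_type
          values = var.data_resource_values
        }
      }
    }
  }

  dynamic "insight_selector" {
    for_each = var.insight_selector
    content {
      insight_type = insight_selector.value.insight_type
    }
  }

  lifecycle {
    # NOTE(review): event selector changes after creation are ignored, so
    # edits to read_write_type / data events (and out-of-band drift) do not
    # show up in a plan. Kept for compatibility with existing deployments.
    ignore_changes = [event_selector]
  }

  # The trail validates the role at creation, so the role's policy must already
  # be attached; the key must exist before it can be referenced.
  depends_on = [
    aws_kms_key.cloudtrail,
    aws_iam_role_policy_attachment.main,
  ]
}

data "aws_iam_policy_document" "cloudtrail_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }
}

# This role is used by CloudTrail to send logs to CloudWatch.
resource "aws_iam_role" "cloudtrail_cloudwatch_role" {
  count              = var.enable_cloudwatch && var.enabled_cloudtrail ? 1 : 0
  name               = var.iam_role_name
  assume_role_policy = data.aws_iam_policy_document.cloudtrail_assume_role.json
  tags               = module.labels.tags
}

resource "aws_cloudwatch_log_group" "cloudtrail" {
  count             = var.enable_cloudwatch && var.enabled_cloudtrail ? 1 : 0
  name              = var.cloudwatch_log_group_name
  retention_in_days = var.log_retention_days
  # Requires the "Allow CloudWatch Logs to use the key" statement in the key
  # policy below; without it log-group creation fails.
  kms_key_id = local.kms_key_arn
  tags       = module.labels.tags
}

data "aws_iam_policy_document" "cloudtrail_cloudwatch_logs" {
  statement {
    sid    = "WriteCloudWatchLogs"
    effect = "Allow"

    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    # Scoped to the log group this module creates (previously a hard-coded
    # "cloudwatch-log-group" name that never matched var.cloudwatch_log_group_name).
    # The trailing wildcard covers the per-region log streams CloudTrail creates.
    #tfsec:ignore:aws-iam-no-policy-wildcards
    resources = ["${local.cloudwatch_log_group_arn}:*"]
  }
}

resource "aws_iam_policy" "cloudtrail_cloudwatch_logs" {
  count  = var.enable_cloudwatch && var.enabled_cloudtrail ? 1 : 0
  name   = "cloudtrail-cloudwatch-logs-policy"
  policy = data.aws_iam_policy_document.cloudtrail_cloudwatch_logs.json
  tags   = module.labels.tags
}

# aws_iam_role_policy_attachment is additive; aws_iam_policy_attachment is
# exclusive and detaches the policy from every other entity it was attached to.
resource "aws_iam_role_policy_attachment" "main" {
  count      = var.enable_cloudwatch && var.enabled_cloudtrail ? 1 : 0
  role       = aws_iam_role.cloudtrail_cloudwatch_role[0].name
  policy_arn = aws_iam_policy.cloudtrail_cloudwatch_logs[0].arn
}

## Supports only for single account cloudtrail.
resource "aws_kms_key" "cloudtrail" {
  count                   = var.kms_enabled && var.enabled_cloudtrail ? 1 : 0
  description             = "A KMS key used to encrypt CloudTrail log files stored in S3."
  deletion_window_in_days = var.key_deletion_window_in_days
  enable_key_rotation     = true
  policy                  = data.aws_iam_policy_document.kms.json
  tags                    = module.labels.tags
}

# Key policy. Every statement is scoped to this account (root principal or a
# kms:CallerAccount condition) or to a service principal with an encryption
# context condition; no statement grants to an unconditioned "*".
data "aws_iam_policy_document" "kms" {
  version = "2012-10-17"

  # Standard administrative statement: delegates key permissions to IAM
  # policies in this account only.
  statement {
    sid    = "Enable IAM User Permissions"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [local.account_root_arn]
    }
    actions   = ["kms:*"]
    resources = ["*"]
  }

  statement {
    sid    = "Allow CloudTrail to encrypt logs"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    actions   = ["kms:GenerateDataKey*"]
    resources = ["*"]
    # Only trails in this account may request data keys.
    condition {
      test     = "StringLike"
      variable = "kms:EncryptionContext:aws:cloudtrail:arn"
      values   = ["arn:${data.aws_partition.current.partition}:cloudtrail:*:${data.aws_caller_identity.current.account_id}:trail/*"]
    }
  }

  statement {
    sid    = "Allow CloudTrail to describe key"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    actions   = ["kms:DescribeKey"]
    resources = ["*"]
  }

  statement {
    sid    = "Allow principals in the account to decrypt log files"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions = [
      "kms:Decrypt",
      "kms:ReEncryptFrom",
    ]
    resources = ["*"]
    # "*" here is bounded by the caller-account condition below.
    condition {
      test     = "StringEquals"
      variable = "kms:CallerAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
    condition {
      test     = "StringLike"
      variable = "kms:EncryptionContext:aws:cloudtrail:arn"
      values   = ["arn:${data.aws_partition.current.partition}:cloudtrail:*:${data.aws_caller_identity.current.account_id}:trail/*"]
    }
  }

  # Lets the CloudWatch Logs service use the key for the log group created by
  # this module (needed when enable_cloudwatch and kms_enabled are both set).
  statement {
    sid    = "Allow CloudWatch Logs to use the key"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    actions = [
      "kms:Encrypt*",
      "kms:Decrypt*",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:Describe*",
    ]
    resources = ["*"]
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = [local.cloudwatch_log_group_arn]
    }
  }

  statement {
    sid    = "Allow alias creation during setup"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [local.account_root_arn]
    }
    actions   = ["kms:CreateAlias"]
    resources = ["*"]
  }
}
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
#Module      : CloudTrail
#Description : Terraform module to provision an AWS CloudTrail with encrypted S3 bucket.
#              This bucket is used to store CloudTrail logs.
output "id" {
  value       = join("", aws_cloudtrail.default[*].id)
  description = "The name of the trail."
}

output "home_region" {
  value       = join("", aws_cloudtrail.default[*].home_region)
  description = "The region in which the trail was created."
}

output "arn" {
  value       = join("", aws_cloudtrail.default[*].arn)
  description = "The Amazon Resource Name of the trail."
}

output "tags" {
  value       = module.labels.tags
  description = "A mapping of tags to assign to the resource."
}

output "cloudwatch_log_group_arn" {
  value       = join("", aws_cloudwatch_log_group.cloudtrail[*].arn)
  description = "ARN of the CloudWatch log group created when enable_cloudwatch is true (empty otherwise)."
}

output "cloudwatch_role_arn" {
  value       = join("", aws_iam_role.cloudtrail_cloudwatch_role[*].arn)
  description = "ARN of the IAM role CloudTrail assumes to write to CloudWatch Logs (empty when not created)."
}

output "kms_key_arn" {
  value       = join("", aws_kms_key.cloudtrail[*].arn)
  description = "ARN of the KMS key used for log encryption when kms_enabled is true (empty otherwise)."
}
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
#Module      : LABEL
#Description : Terraform label module variables.
variable "name" {
  type        = string
  description = "Name (e.g. `app` or `cluster`)."
}

variable "repository" {
  type        = string
  default     = "https://github.com/clouddrove/terraform-aws-cloudtrail"
  description = "Terraform current module repo"
}

variable "environment" {
  type        = string
  default     = ""
  description = "Environment (e.g. `prod`, `dev`, `staging`)."
}

variable "label_order" {
  type        = list(any)
  default     = ["name", "environment"]
  description = "Label order, e.g. `name`,`application`."
}

variable "attributes" {
  type        = list(string)
  default     = []
  description = "Additional attributes (e.g. `1`)."
}

variable "managedby" {
  type        = string
  default     = "hello@clouddrove.com"
  description = "ManagedBy, eg 'CloudDrove'."
}

#Module      : CLOUDTRAIL
#Description : Terraform CloudTrail module variables.
variable "enabled_cloudtrail" {
  type        = bool
  default     = true
  description = "If true, deploy the resources for the module."
}

variable "enable_cloudwatch" {
  type        = bool
  default     = true
  description = "If true, create the CloudWatch log group, the IAM role and its policy, and deliver trail events to that log group unless cloud_watch_logs_role_arn / cloud_watch_logs_group_arn are supplied."
}

variable "kms_enabled" {
  type        = bool
  default     = false
  description = "If true, create a KMS key and use it to encrypt the trail's S3 log files (and the CloudWatch log group). Note: the key policy is scoped to a single account; organization trails spanning accounts are not supported."
}

variable "enable_log_file_validation" {
  type        = bool
  default     = true
  description = "Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs."
}

variable "include_global_service_events" {
  type        = bool
  default     = true
  description = "Specifies whether the trail is publishing events from global services such as IAM to the log files."
}

variable "enable_logging" {
  type        = bool
  default     = true
  description = "Enable logging for the trail."
}

variable "s3_bucket_name" {
  type        = string
  default     = ""
  description = "S3 bucket name for CloudTrail log."
}

variable "s3_key_prefix" {
  type        = string
  default     = ""
  description = "(Optional) S3 key prefix that follows the name of the bucket you have designated for log file delivery."
}

variable "cloud_watch_logs_role_arn" {
  type        = string
  default     = ""
  description = "ARN of an existing role for the CloudWatch Logs endpoint to assume to write to a log group. When empty and enable_cloudwatch is true, the role created by this module is used."
  sensitive   = true
}

variable "cloud_watch_logs_group_arn" {
  type        = string
  default     = ""
  description = "ARN of an existing log group to which CloudTrail logs will be delivered (without the trailing `:*`). When empty and enable_cloudwatch is true, the log group created by this module is used."
  sensitive   = true
}

variable "event_selector" {
  type        = bool
  default     = true
  description = "If true, add an event_selector block to the trail built from read_write_type, include_management_events and the data-event variables. Please note the CloudTrail limits when configuring these."
}

variable "read_write_type" {
  type        = string
  default     = "All"
  description = "Specify if you want your trail to log read-only events, write-only events, or all. By default, the value is All."
  validation {
    condition     = contains(["ReadOnly", "WriteOnly", "All"], var.read_write_type)
    error_message = "read_write_type must be one of ReadOnly, WriteOnly or All."
  }
}

variable "include_management_events" {
  type        = bool
  default     = true
  description = "Specify if you want your event selector to include management events for your trail."
}

variable "event_selector_data_resource" {
  type        = bool
  default     = false
  description = "If true, add a data_resource block (data-event logging) built from data_resource_type and data_resource_values to the event selector."
}

variable "data_resource_type" {
  type        = string
  default     = "AWS::S3::Object"
  description = "The resource type in which you want to log data events, e.g. `AWS::S3::Object` or `AWS::Lambda::Function`."
}

variable "data_resource_values" {
  type        = list(string)
  default     = []
  description = "List of ARNs (or ARN prefixes) of the resources of data_resource_type whose data events are logged. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details."
  sensitive   = true
}

variable "is_organization_trail" {
  type        = bool
  default     = false
  description = "The trail is an AWS Organizations trail."
}

variable "sns_topic_name" {
  type        = string
  default     = null
  description = "Specifies the name of the Amazon SNS topic defined for notification of log file delivery."
}

variable "key_deletion_window_in_days" {
  type        = number
  default     = 30
  description = "Duration in days after which the key is deleted after destruction of the resource, must be 7-30 days. Default 30 days."
  validation {
    condition     = var.key_deletion_window_in_days >= 7 && var.key_deletion_window_in_days <= 30
    error_message = "key_deletion_window_in_days must be between 7 and 30."
  }
}

variable "log_retention_days" {
  type        = number
  default     = 90
  description = "Number of days to keep AWS logs around in specific log group."
}

variable "cloudwatch_log_group_name" {
  type        = string
  default     = "cloudtrail-events"
  description = "The name of the CloudWatch Log Group that receives CloudTrail events."
}

variable "iam_role_name" {
  type        = string
  default     = "cloudtrail-cloudwatch-logs-role"
  description = "Name for the CloudTrail IAM role"
}

variable "insight_selector" {
  type = list(object({
    insight_type = string
  }))
  default     = []
  description = "Specifies an insight selector for type of insights to log on a trail"
}

variable "is_multi_region_trail" {
  type        = bool
  default     = false
  description = "Specifies whether the trail is created in the current region or in all regions"
}
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.21.0"
    }
  }
}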
--------------------------------------------------------------------------------
"name",
"environment"
]