Terraform module which creates AWS Cloudtrail resources.
This is an opinionated tool for creating a fairly boring Cloudtrail setup.
Features:
- Multi Region Trail
- Includes Global Events
- Includes Management Events
- Include Insights events
- No Data events
- If you need data events, you should write another trail with specific event selectors to manage scale and cost.
# To prevent a dependency loop and pass AWS runtime validations, create
# the storage first, providing the computed arn of the trail to the
# cloudtrail_s3 module
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}
locals {
name = "zombocom-main"
arn = "arn:${data.aws_partition.current}:cloudtrail:${data.aws_region.current}:${data.aws_caller_identity.account_id}:trail/${local.name}"
}
module "storage" {
source = "platformod/cloudtrail-s3"
version = 0.CHANGE_ME
# Creates a "${local.name}-cloudtrail" bucket
name = local.name
account_trails = [
{
account = data.aws_caller_identity.current.account_id ,
arn = local.arn
},
]
}
module "trail" {
source = "platformod/cloudtrail"
version = 0.CHANGEME
name = local.name
s3_bucket = "${local.name}-cloudtrail"
}
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| Name | Version |
|---|---|
| aws | 5.41.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudtrail.trail | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | A name for the trail, ideally the same value you used for the bucket name prefix | string |
n/a | yes |
| s3_bucket | The name od the S3 bucket you created to store the logs | string |
n/a | yes |
| Name | Description |
|---|---|
| arn | ARN of the trail |
| home_region | Region in which the trail was created |
The tests in this repo will create and destroy real resources at AWS and incur cost. Please be careful when running them.
MPL-2.0 Licensed. See LICENSE.