This module implements an extended CloudTrail setup to debug issues with customers.
Run `pre-commit install` to install any guardrails implemented using pre-commit.
See the pre-commit installation instructions for how to install pre-commit.
BEWARE: Some data-level logging is also enabled by default.
To use this module, see the example below. It only requires a name and a KMS key reference.
Make sure you also set this up in us-east-1 to capture any global resource activity.
```hcl
module "cloudtrail" {
  source                    = "[email protected]:TechNative-B-V/terraform-aws-module-cloudtrail.git?ref=bcf75a7fa6f7b891993936290059efb7d16a7490"
  name                      = "debug"
  kms_key_arn               = module.athena_kms.kms_key_arn
  enable_organization_trail = false
}
```
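
To confirm after deployment that the us-east-1 requirement and the KMS encryption are actually in place, the following added example (not part of this module) audits the JSON returned by `aws cloudtrail describe-trails`. The sample input is constructed, and it is assumed that the output from every region in use has been merged into one `trailList`.

```python
import json

# Constructed sample of `aws cloudtrail describe-trails` output (not real data).
SAMPLE = json.loads("""
{"trailList": [
  {"Name": "debug", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE"},
  {"Name": "debug", "HomeRegion": "us-east-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
  {"Name": "legacy", "HomeRegion": "eu-central-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": false}
]}
""")

# Global services (IAM, STS, CloudFront) record their events in this region.
GLOBAL_EVENT_REGION = "us-east-1"


def captures_global_events(trail):
    """True if the trail can record global-service events."""
    if not trail.get("IncludeGlobalServiceEvents", False):
        return False
    # A single-region trail only sees them when its home region is us-east-1.
    return (trail.get("IsMultiRegionTrail", False)
            or trail.get("HomeRegion") == GLOBAL_EVENT_REGION)


def audit(trails):
    """Return a list of findings; an empty list means the setup passes."""
    findings = []
    for t in trails:
        if not t.get("KmsKeyId"):
            findings.append(
                f"{t['Name']} ({t.get('HomeRegion')}): logs not encrypted with a KMS key")
    if not any(captures_global_events(t) for t in trails):
        findings.append(
            f"no trail covers {GLOBAL_EVENT_REGION}: global resource activity is not captured")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE["trailList"]) or ["OK"]:
        print(line)
```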

| Name | Version |
|---|---|
| aws | >=4.21.0 |

| Name | Source | Version |
|---|---|---|
| this | [email protected]:TechNative-B-V/terraform-aws-module-s3.git/ | d23eda80e3de956f30f176fc1f2e0cdfa3ac3ae8 |

| Name | Type |
|---|---|
| aws_cloudtrail.this | resource |
| aws_arn.s3 | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.cloudtrail_account_policy | data source |
| aws_iam_policy_document.cloudtrail_base_policy | data source |
| aws_iam_policy_document.cloudtrail_organization_policy | data source |
| aws_iam_policy_document.cloudtrail_s3_bucket_policy | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_organization_trail | Use organization trail, requires management account. Disables object level events to prevent cost increase. | bool | false | no |
| kms_key_arn | KMS key to use for encrypting CloudTrail S3 logs. | string | n/a | yes |
| name | Prefix name for DynamoDB. Must be unique within the region. | string | n/a | yes |

No outputs.