cloudtrail
cloudposse/cloudtrail/aws
Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs
terraform-aws-cloudtrail

Terraform module to provision an AWS CloudTrail. The module accepts an encrypted S3 bucket with versioning to store the CloudTrail logs. The bucket can be in the same AWS account or in a different account. This is useful when an organization uses separate AWS accounts to isolate the Audit environment from the other environments (production, staging, development). In that case you create the CloudTrail in the production environment (production AWS account), while the S3 bucket that stores the CloudTrail logs is created in the Audit AWS account, restricting access to the logs to users and groups from the Audit account.

> [!TIP]
> #### 👽 Use Atmos with Terraform
> Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform.
> Works with G
| Name | Type | Description | Default |
|---|---|---|---|
| s3_bucket_name | string | S3 bucket name for CloudTrail logs | required |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| cloud_watch_logs_role_arn | string | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user | "" |
| sns_topic_name | string | Specifies the name of the Amazon SNS topic defined for notification of log file | null |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| include_global_service_events | bool | Specifies whether the trail is publishing events from global services such as IA | false |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| insight_selector | list(object({ insight_type | Specifies an insight selector for type of insights to log on a trail | [] |
| is_organization_trail | bool | The trail is an AWS Organizations trail | false |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | ["default"] |
| enable_log_file_validation | bool | Specifies whether log file integrity validation is enabled. Creates signed diges | true |
| event_selector | list(object({ include_mana | Specifies an event selector for enabling data event logging. See: https://www.te | [] |
| cloud_watch_logs_group_arn | string | Specifies a log group name using an Amazon Resource Name (ARN), that represents | "" |
| s3_key_prefix | string | Prefix for S3 bucket used by Cloudtrail to store logs | null |
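The cross-account layout described above, with the inputs from the table, as an added example that is not part of the module's README: the bucket policy is applied in the Audit account through an assumed aliased provider `aws.audit`, the module runs under the default (production) provider, and the account ID and bucket name are placeholders. The `event_selector` object shape follows the module's variable definition.

```hcl
# Added example, not the module's own docs; account ID, bucket name and aws.audit are placeholders.
locals {
  prod_account_id = "111111111111"             # placeholder: production account
  log_bucket      = "eg-audit-cloudtrail-logs" # placeholder: bucket owned by the Audit account
}

# Audit account: allow the CloudTrail service to deliver into the bucket. CloudTrail checks the
# bucket ACL first, then writes with bucket-owner-full-control so the Audit account owns every object.
resource "aws_s3_bucket_policy" "cloudtrail_logs" {
  provider = aws.audit
  bucket   = local.log_bucket
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AWSCloudTrailAclCheck"
        Effect    = "Allow"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "s3:GetBucketAcl"
        Resource  = "arn:aws:s3:::${local.log_bucket}"
      },
      {
        Sid       = "AWSCloudTrailWrite"
        Effect    = "Allow"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "s3:PutObject"
        # Scoped to the production account's own prefix; other accounts get their own statement.
        Resource  = "arn:aws:s3:::${local.log_bucket}/AWSLogs/${local.prod_account_id}/*"
        Condition = { StringEquals = { "s3:x-amz-acl" = "bucket-owner-full-control" } }
      }
    ]
  })
}

# Production account (default provider): the trail itself, writing cross-account.
module "cloudtrail" {
  source = "cloudposse/cloudtrail/aws"
  namespace = "eg" # null-label context inputs that build the trail name
  stage     = "prod"
  name      = "cloudtrail"
  s3_bucket_name                = local.log_bucket
  enable_log_file_validation    = true # signed digest files make log tampering detectable
  include_global_service_events = true # IAM/STS events are global, not regional
  event_selector = [{
    include_management_events = true
    read_write_type           = "All"
    data_resource             = [] # add S3/Lambda data events here if required
  }]
}
```

If `s3_key_prefix` is set, the `AWSCloudTrailWrite` resource path must include that prefix before `AWSLogs/`, otherwise delivery is denied.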
Outputs:

- `cloudtrail_id`: The ID of the trail (name for provider < v5, ARN for provider >= v5).
- `cloudtrail_home_region`: The region in which the trail was created.
- `cloudtrail_arn`: The Amazon Resource Name of the trail.