cloudtrail

AWS CloudTrail

Features

• Enable CloudTrail and deliver events to S3

Requirements

Name	Version
terraform	>= 0.13.0
aws	>= 2.0
local	>= 1.2
null	>= 2.0

Providers

Name	Version
aws	4.3.0

Modules

Name	Source	Version
cloudtrail	appzen-oss/cloudtrail/aws	0.21.1

Resources

Name	Type
aws_iam_account_alias.current	data source

Inputs

Name	Description	Type	Default	Required
enable_log_file_validation	Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs	bool	true	no
enable_logging	Enable logging for the trail	bool	true	no
include_global_service_events	Specifies whether the trail is publishing events from global services such as IAM to the log files	bool	true	no
insight_selector	Specifies an insight selector for identifying unusual operational activity. See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#insight_type details for this variable	list(object({ insight_type = string }))	[ { "insight_type": "ApiCallRateInsight" }, { "insight_type": "ApiErrorRateInsight" } ]	no
is_multi_region_trail	Specifies whether the trail is created in the current region or in all regions	bool	true	no
is_organization_trail	The trail is an AWS Organizations trail	bool	true	no
name	CloudTrail name	string	n/a	yes
s3_bucket_name	S3 bucket name for CloudTrail logs	string	n/a	yes
s3_key_prefix	Specifies the S3 key prefix that follows the name of the bucket you have designated for log file delivery.	string	null	no
tags	Specifies object tags key and value. This applies to all resources created by this module.	map(any)	{ "Environment": "infra", "Product": "security", "Team": "devops", "Terraform": true }	no

Outputs

Name	Description
cloudtrail_arn	The Amazon Resource Name of the trail
cloudtrail_home_region	The region in which the trail was created
cloudtrail_id	The name of the trail