forked from cloudposse/terraform-aws-cloudtrail-s3-bucket
-
Notifications
You must be signed in to change notification settings - Fork 2
/
README.yaml
79 lines (64 loc) · 3.6 KB
/
README.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#
# Name of this project
name: terraform-aws-cloudtrail-s3-bucket
# Logo for this project
#logo: docs/logo.png
# License of this project
license: "APACHE2"
# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-cloudtrail-s3-bucket
# Badges to display
badges:
- name: Latest Release
image: https://img.shields.io/github/release/cloudposse/terraform-aws-cloudtrail-s3-bucket.svg?style=for-the-badge
url: https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/releases/latest
- name: Last Updated
image: https://img.shields.io/github/last-commit/cloudposse/terraform-aws-cloudtrail-s3-bucket.svg?style=for-the-badge
url: https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/commits
- name: Slack Community
image: https://slack.cloudposse.com/for-the-badge.svg
url: https://slack.cloudposse.com
# List any related terraform modules that this module may be used with or that this module depends on.
related:
- name: "terraform-aws-cloudtrail"
description: "Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs"
url: "https://github.com/cloudposse/terraform-aws-cloudtrail"
- name: "terraform-aws-cloudtrail-cloudwatch-alarms"
description: "Terraform module for creating alarms for tracking important changes and occurances from cloudtrail."
url: "https://github.com/cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms"
- name: "terraform-aws-s3-log-storage"
description: "This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail"
url: "https://github.com/cloudposse/terraform-aws-s3-log-storage"
- name: "terraform-aws-cloudtrail-s3-bucket"
description: "S3 bucket with built in IAM policy to allow CloudTrail logs"
url: "https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket"
# Short description of this project
description: |-
Terraform module to provision an S3 bucket with built in policy to allow [CloudTrail](https://aws.amazon.com/cloudtrail/) [logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html).
This is useful if an organization uses a number of separate AWS accounts to isolate the Audit environment from other environments (production, staging, development).
In this case, you create CloudTrail in the production environment (Production AWS account),
while the S3 bucket to store the CloudTrail logs is created in the Audit AWS account, restricting access to the logs only to the users/groups from the Audit account.
The module supports the following:
1. Forced [server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) at rest for the S3 bucket
2. S3 bucket [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) to easily recover from both unintended user actions and application failures
3. S3 bucket is protected from deletion if it's not empty ([force_destroy](https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#force_destroy) set to `false`)
# How to use this project
usage: |-
```hcl
module "s3_bucket" {
source = "cloudposse/cloudtrail-s3-bucket/aws"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
namespace = "eg"
stage = "prod"
name = "cluster"
}
```
include:
- "docs/targets.md"
- "docs/terraform.md"
# Contributors to this project
contributors: []