From b45c493781e1b734208b8a652bdbe971e2d6f3d6 Mon Sep 17 00:00:00 2001
From: worm
Date: Wed, 15 Nov 2023 15:06:26 -0800
Subject: [PATCH] progress on Cloudtrail1

---
 terraform_v1.4.0/CloudTrail/main.tf | 24 +++++++++++++++++++++++-
 terraform_v1.4.0/nohup.out | 1 +
 v1.4.0/CloudTrail.1.sentinel | 4 ++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 terraform_v1.4.0/nohup.out

diff --git a/terraform_v1.4.0/CloudTrail/main.tf b/terraform_v1.4.0/CloudTrail/main.tf
index b54ff0f..d16fe04 100644
--- a/terraform_v1.4.0/CloudTrail/main.tf
+++ b/terraform_v1.4.0/CloudTrail/main.tf
@@ -15,6 +15,11 @@ terraform {
 }
 }
 
+variable "s3_bucket_arn" {
+ type = string
+ description = "The ARN of the CloudTrail bucket"
+}
+
 provider "aws" {
 region = "us-west-2"
 }
@@ -24,10 +29,27 @@ terraform {
 s3_bucket_name = "stm-cloudtrail-sentinel"
 include_global_service_events = false
 }
-
+
 resource "aws_cloudtrail" "example-multi-region" {
 name = "example-multi-region"
 s3_bucket_name = "stm-cloudtrail-sentinel"
 include_global_service_events = true
 is_multi_region_trail = true
 }
+
+resource "aws_cloudtrail" "example-with-event-selector" {
+ name = "example-with-event-selector"
+ s3_bucket_name = "stm-cloudtrail-sentinel"
+ include_global_service_events = true
+ is_multi_region_trail = true
+
+ event_selector {
+ read_write_type = "All"
+ include_management_events = true
+
+ data_resource {
+ type = "AWS::S3::Object"
+ values = ["${var.s3_bucket_arn}/"]
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform_v1.4.0/nohup.out b/terraform_v1.4.0/nohup.out
new file mode 100644
index 0000000..96dff42
--- /dev/null
+++ b/terraform_v1.4.0/nohup.out
@@ -0,0 +1 @@
+Opening in existing browser session.
diff --git a/v1.4.0/CloudTrail.1.sentinel b/v1.4.0/CloudTrail.1.sentinel
index 007ac9a..f64e762 100644
--- a/v1.4.0/CloudTrail.1.sentinel
+++ b/v1.4.0/CloudTrail.1.sentinel
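Review bot: `variable "s3_bucket_arn"` accepts any string, and the later hunk in the same file builds the data_resource value from it as `"${var.s3_bucket_arn}/"`; a bare bucket name or a malformed ARN would apply cleanly and yield a selector that matches no objects, so no data events are recorded and nothing fails. A `validation` block on the variable turns that into a plan-time error. The description `"The ARN of the CloudTrail bucket"` also does not say which bucket is meant — the one whose object activity is to be logged, or the delivery bucket the trails already name as `stm-cloudtrail-sentinel` — and stating that in the description would remove the ambiguity.
```hcl
variable "s3_bucket_arn" {
  # … unchanged: type, description …
  validation {
    condition     = can(regex("^arn:aws(-[a-z]+)*:s3:::[^/]+$", var.s3_bucket_arn))
    error_message = "s3_bucket_arn must be an S3 bucket ARN (arn:aws:s3:::bucket-name)."
  }
}
```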
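Review bot: The `data_resource` in `example-with-event-selector` records object-level events for the bucket in `var.s3_bucket_arn`, which the variable describes as "the CloudTrail bucket"; if that is the same `stm-cloudtrail-sentinel` bucket the trail delivers to, every log file CloudTrail writes there is itself an S3 object event, so the trail would log its own deliveries and the volume grows on every delivery. Confirm the intended target is a different bucket, or leave the delivery bucket out of `values`. The new trail is also created without `enable_log_file_validation = true`, so the delivered log files carry no integrity digest that would reveal later modification or deletion; the two existing trails visible in the hunk's context have the same gap. The bucket name `"stm-cloudtrail-sentinel"` is now spelled out in three resources and would be easier to keep in step as a single local. The file ends without a trailing newline.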
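Review bot: `terraform_v1.4.0/nohup.out` is the captured output of a backgrounded command (its only content is "Opening in existing browser session.") and does not belong in the repository. It should be dropped from the commit and `nohup.out` added to `.gitignore` so it is not re-added on the next run.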
@@ -2,6 +2,10 @@
 # TODO: Address the ideal way to determine when this policy is appropriate to run
 # TODO: check how the reading and writing of management events works and write configuration to include it:
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail.html#include_management_events
+
+# By default, when no event filter is provided, read and write management events are captured:
+# # Without an event selector specified, CloudTrail logs all read and write management events by default
+ # https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EventSelector.html
 import "tfplan/v2" as tfplan
 param actions default [