progress on Cloudtrail1

terraform_v1.4.0/CloudTrail/main.tf

@@ -15,6 +15,11 @@ terraform {
   }
 }
 
+variable "s3_bucket_arn" {
+  type = string  
+  description = "The ARN of the CloudTrail bucket"
+}
+
   provider "aws" {
     region = "us-west-2"
   }
@@ -31,3 +36,20 @@ terraform {
     include_global_service_events = true
     is_multi_region_trail = true
   }
+
+resource "aws_cloudtrail" "example-with-event-selector" {
+  name =  "example-with-event-selector"
+  s3_bucket_name  = "stm-cloudtrail-sentinel"
+  include_global_service_events = true
+  is_multi_region_trail = true
+
+  event_selector {
+    read_write_type = "All"
+    include_management_events = true
+
+    data_resource {
+      type = "AWS::S3::Object"
+      values = ["${var.s3_bucket_arn}/"]
+    }
+  }
+}

terraform_v1.4.0/nohup.out

@@ -0,0 +1 @@
+Opening in existing browser session.

v1.4.0/CloudTrail.1.sentinel

@@ -2,6 +2,10 @@
 # TODO: Address the ideal way to determine when this policy is appropriate to run
 # TODO: check how the reading and writing of management events works and write configuration to include it:
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail.html#include_management_events
+
+# By default, when no event filter is provided, read and write management events are captured:
+#   # Without an event selector specified, CloudTrail logs all read and write management events by default
+  # https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EventSelector.html
 import "tfplan/v2" as tfplan
 
 param actions default [