Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 7 changed files with 254 additions and 43 deletions.
@@ -6,3 +6,6 @@ | |
.terraform/ | ||
.idea | ||
terraform-aws-cloudtrail-s3-bucket.iml | ||
|
||
.build-harness | ||
build-harness |
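Review bot: the second ignore entry `build-harness` (no leading dot) is not produced by anything in this commit; the Makefile's curl line writes only `.build-harness`. If it is meant to cover a locally cloned copy of the harness, add a comment above it saying so, otherwise drop it so the ignore list only names files the build actually creates.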
@@ -1,6 +1,10 @@ | ||
SHELL := /bin/bash | ||
|
||
# List of targets the `readme` target should call before generating the readme | ||
export README_DEPS ?= docs/targets.md docs/terraform.md | ||
|
||
-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness) | ||
|
||
## Lint terraform code | ||
lint: | ||
$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate | ||
$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate |
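Review bot: the `-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)` line downloads and includes a remote Makefile on every `make` invocation, via a URL shortener, with no version pin and no integrity check, so whoever controls that redirect or its target controls what runs on every developer and CI machine that calls `make lint`. Fetch the harness from a tagged release URL and verify a checksum before including it (or vendor it into the repo), and note that the new `lint` target also runs `terraform/install` and `terraform/get-plugins` through that same harness, so those downloads deserve the same pinning.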
@@ -0,0 +1,80 @@ | ||
--- | ||
# | ||
# This is the canonical configuration for the `README.md` | ||
# Run `make readme` to rebuild the `README.md` | ||
# | ||
|
||
# Name of this project | ||
name: terraform-aws-cloudtrail-s3-bucket | ||
|
||
# Logo for this project | ||
#logo: docs/logo.png | ||
|
||
# License of this project | ||
license: "APACHE2" | ||
|
||
# Canonical GitHub repo | ||
github_repo: cloudposse/terraform-aws-cloudtrail-s3-bucket | ||
|
||
# Badges to display | ||
badges: | ||
- name: "Build Status" | ||
image: "https://travis-ci.org/cloudposse/terraform-aws-cloudtrail-s3-bucket.svg?branch=master" | ||
url: "https://travis-ci.org/cloudposse/terraform-aws-cloudtrail-s3-bucket" | ||
- name: "Latest Release" | ||
image: "https://img.shields.io/github/release/cloudposse/terraform-aws-cloudtrail-s3-bucket.svg" | ||
url: "https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/releases/latest" | ||
- name: "Slack Community" | ||
image: "https://slack.cloudposse.com/badge.svg" | ||
url: "https://slack.cloudposse.com" | ||
|
||
related: | ||
- name: "terraform-aws-cloudtrail" | ||
description: "Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs" | ||
url: "https://github.com/cloudposse/terraform-aws-cloudtrail" | ||
- name: "terraform-aws-cloudtrail-cloudwatch-alarms" | ||
description: "Terraform module for creating alarms for tracking important changes and occurances from cloudtrail." | ||
url: "https://github.com/cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms" | ||
- name: "terraform-aws-s3-log-storage" | ||
description: "This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail" | ||
url: "https://github.com/cloudposse/terraform-aws-s3-log-storage" | ||
- name: "terraform-aws-cloudtrail-s3-bucket" | ||
description: "S3 bucket with built in IAM policy to allow CloudTrail logs" | ||
url: "https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket" | ||
|
||
# Short description of this project | ||
description: |- | ||
Terraform module to provision an S3 bucket with built in policy to allow [CloudTrail](https://aws.amazon.com/cloudtrail/) [logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html). | ||
This is useful if an organization uses a number of separate AWS accounts to isolate the Audit environment from other environments (production, staging, development). | ||
In this case, you create CloudTrail in the production environment (Production AWS account), | ||
while the S3 bucket to store the CloudTrail logs is created in the Audit AWS account, restricting access to the logs only to the users/groups from the Audit account. | ||
The module supports the following: | ||
1. Forced [server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) at rest for the S3 bucket | ||
2. S3 bucket [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) to easily recover from both unintended user actions and application failures | ||
3. S3 bucket is protected from deletion if it's not empty ([force_destroy](https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#force_destroy) set to `false`) | ||
# How to use this project | ||
usage: |- | ||
```hcl | ||
module "s3_bucket" { | ||
source = "git::https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket.git?ref=master" | ||
namespace = "cp" | ||
stage = "prod" | ||
name = "cluster" | ||
region = "us-east-1" | ||
} | ||
``` | ||
include: | ||
- "docs/targets.md" | ||
- "docs/terraform.md" | ||
|
||
# Contributors to this project | ||
contributors: | ||
- name: "Andriy Knysh" | ||
github: "aknysh" |
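Review bot: the usage block pins the module source to `?ref=master`, so every consumer of the example would track whatever lands on the branch; point it at a release tag instead (the `Latest Release` badge already links to one) so users get a reproducible, reviewable version of the bucket policy. Two smaller things in the same file: the `related` list includes `terraform-aws-cloudtrail-s3-bucket` itself, which should be removed, and `occurances` in the `terraform-aws-cloudtrail-cloudwatch-alarms` description should read `occurrences` (`built in` should also be `built-in` in both places it appears).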
@@ -0,0 +1,9 @@ | ||
## Makefile Targets | ||
``` | ||
Available targets: | ||
help This help screen | ||
help/all Display help for all targets | ||
lint Lint terraform code | ||
``` |
@@ -0,0 +1,23 @@ | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|:----:|:-----:|:-----:| | ||
| acl | Canned ACL to apply to the S3 bucket | string | `log-delivery-write` | no | | ||
| attributes | Additional attributes (e.g. `logs`) | list | `<list>` | no | | ||
| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | | ||
| force_destroy | A boolean that indicates the bucket can be destroyed even if it contains objects. These objects are not recoverable | string | `false` | no | | ||
| name | Name (e.g. `app` or `cluster`) | string | - | yes | | ||
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes | | ||
| region | AWS Region for S3 bucket | string | `us-east-1` | no | | ||
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | | ||
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `<map>` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| bucket_arn | Bucket ARN | | ||
| bucket_domain_name | FQDN of bucket | | ||
| bucket_id | Bucket ID | | ||
|
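Review bot: the `acl` default of `log-delivery-write` grants the S3 Log Delivery group write access, which is what S3 server access logging uses; CloudTrail delivers logs through the bucket policy this module says it provides, not through that ACL, so either default to `private` or state in the description that the bucket is also meant to receive S3 access logs. Also, `force_destroy` is described as "A boolean" but typed `string` with default `false`; say in the description that the string values `"true"`/`"false"` are expected so the generated table matches the variable definition.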
@@ -1,11 +1,14 @@ | ||
output "bucket_domain_name" { | ||
value = "${module.s3_bucket.bucket_domain_name}" | ||
value = "${module.s3_bucket.bucket_domain_name}" | ||
description = "FQDN of bucket" | ||
} | ||
|
||
output "bucket_id" { | ||
value = "${module.s3_bucket.bucket_id}" | ||
value = "${module.s3_bucket.bucket_id}" | ||
description = "Bucket ID" | ||
} | ||
|
||
output "bucket_arn" { | ||
value = "${module.s3_bucket.bucket_arn}" | ||
value = "${module.s3_bucket.bucket_arn}" | ||
description = "Bucket ARN" | ||
} |