Releases: cloudposse/terraform-aws-cloudtrail-s3-bucket
v0.16.1
🤖 Automatic Updates
Update context.tf @cloudpossebot (#38)
what
This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label
why
To support all the features of the context interface.
v0.16.0
minimum required Terraform version bumped to 0.13.0, context.tf updated, readme updated @maximmi (#40)
what
- update context.tf to v0.23.0
- minimum required Terraform version bumped to 0.13.0
- readme updated, Bridgecrew compliance badges added
why
- It allows for setting the letter case of tag names and labels
- we have dropped support for Terraform 0.12
- To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant
v0.15.1
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#39)
what
This is an auto-generated PR that updates the README.md and docs
why
To have the most recent changes of README.md and docs from the origin templates
v0.15.0
add optional access log bucket creation @mcalhoun (#35)
what
- add the ability to optionally create an S3 bucket for access logging
why
- AWS security best practices call for Access Logging to be enabled on CloudTrail buckets
references
CIS AWS Foundations Benchmark controls
2.6 – Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Severity: Low
AWS Config rule: s3-bucket-logging-enabled
Amazon S3 bucket access logging generates a log that contains access records for each request made to your S3 bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed.
Security Hub recommends that you enable bucket access logging on the CloudTrail S3 bucket. By enabling S3 bucket logging on target S3 buckets, you can capture all events that might affect objects in a target bucket. Configuring logs to be placed in a separate bucket enables access to log information, which can be useful in security and incident response workflows.
To run this check, Security Hub first uses custom logic to look for the bucket where your CloudTrail logs are stored and then uses the AWS Config managed rule to check if logging is enabled.
If you aggregate your logs into a single centralized S3 bucket, then Security Hub only runs the check against the account and Region where the centralized S3 bucket is located. For other accounts and Regions, the control status is No data. If the bucket is publicly accessible, the check generates a failed finding.
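A local approximation of the check described above, added here as an example (it is not code from this module or from Security Hub). It assumes boto3-style clients and uses constructed stand-in clients and bucket names so it runs offline; the REVIEW status for a bucket that logs to itself is this example's own addition.

```python
def audit_cloudtrail_bucket_logging(cloudtrail, s3):
    """Map each CloudTrail destination bucket to a (status, detail) tuple."""
    # Only describe_trails, get_bucket_logging and get_bucket_policy_status are called.
    trails = cloudtrail.describe_trails()["trailList"]
    buckets = {t["S3BucketName"] for t in trails if t.get("S3BucketName")}
    findings = {}
    for bucket in sorted(buckets):
        try:
            logging_cfg = s3.get_bucket_logging(Bucket=bucket).get("LoggingEnabled")
            status = s3.get_bucket_policy_status(Bucket=bucket)["PolicyStatus"]
        except Exception as exc:  # e.g. a central bucket owned by another account
            findings[bucket] = ("NO_DATA", f"cannot read bucket settings: {exc!r}")
            continue
        if status["IsPublic"]:
            findings[bucket] = ("FAILED", "bucket is publicly accessible")
        elif not logging_cfg:
            findings[bucket] = ("FAILED", "access logging is not enabled")
        elif logging_cfg["TargetBucket"] == bucket:
            # Extra check in this example only: the text recommends a separate bucket.
            findings[bucket] = ("REVIEW", "access logs are written to the same bucket")
        else:
            findings[bucket] = ("PASSED", f"logs to {logging_cfg['TargetBucket']}")
    return findings

# Constructed stand-ins for boto3 clients; every name and value below is made up.
class FakeCloudTrail:
    def describe_trails(self):
        names = ["trail-ok", "trail-nolog", "trail-public", "trail-self",
                 "central-other-acct"]
        return {"trailList": [{"Name": n, "S3BucketName": n} for n in names]}

class FakeS3:
    STATE = {  # bucket -> (access-log target bucket or None, publicly accessible?)
        "trail-ok": ("access-logs", False), "trail-nolog": (None, False),
        "trail-public": ("access-logs", True), "trail-self": ("trail-self", False),
    }

    def get_bucket_logging(self, Bucket):
        target = self.STATE[Bucket][0]  # KeyError models a bucket we cannot read
        if not target:
            return {}
        return {"LoggingEnabled": {"TargetBucket": target, "TargetPrefix": ""}}

    def get_bucket_policy_status(self, Bucket):
        return {"PolicyStatus": {"IsPublic": self.STATE[Bucket][1]}}

def demo():
    return audit_cloudtrail_bucket_logging(FakeCloudTrail(), FakeS3())
```

With real boto3 clients, `get_bucket_policy_status` raises a `ClientError` for a bucket that has no bucket policy; catch that case separately and treat the bucket as not public instead of reporting NO_DATA.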
v0.14.0
v0.13.0
v0.12.0
v0.11.0
0.10.1: [AUTOMATED] Update Version Pinning for Terraform to support 0.13 (#25)
## What
1. Update Version Pinning for Terraform to support 0.13
## Why
1. This is a relatively minor update that the CloudPosse module already likely supports.
1. This allows module consumers to not individually update our Terraform module to support Terraform 0.13.