lacework/terraform-aws-cloudtrail

Terraform module for configuring an integration with Lacework and AWS for CloudTrail analysis

This is stars and forks stats for /lacework/terraform-aws-cloudtrail repository. As of 20 Apr, 2024 this repository has 5 stars and 21 forks.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| aws | >= 4.0 |
| lacework | ~> 1.0 |
| random | >= 2.1 |
| time | ~> 0.6 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |
| lacework | ~> 1.0 |
| random | >= 2.1 |
| time | ~> 0.6 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| lacework_ct_iam_role | lacework/iam-role/aws | ~> 0.4 |

## Resources

| Name | Type |
|------|------|
| aws_cloudtrail.lacework_cloudtrail | resource |
| aws_iam_policy.cross_account_policy | resource |
| aws_iam_role_policy_attachment.lacework_cross_account_iam_role_policy | resource |
| aws_kms_key.lacework_kms_key | resource |
| aws_s3_bucket.cloudtrail_bucket | resource |
| aws_s3_bucket.cloudtrail_log_bucket | resource |
| aws_s3_bucket_acl.cloudtrail_log_bucket_acl | resource |
| aws_s3_bucket_logging.cloudtrail_bucket_logging | resource |
| aws_s3_bucket_notification.cloudtrail_bucket_notification | resource |
| aws_s3_bucket_ownership_controls.cloudtrail_bucket_ownership_controls | resource |
| aws_s3_bucket_ownership_controls.cloudtrail_log_bucket_ownership_controls | resource |
| aws_s3_bucket_policy.cloudtrail_bucket_policy | resource |
| aws_s3_bucket_policy.cloudtrail_log_bucket_policy | resource |
| aws_s3_bucket_public_access_block.cloudtrail_bucket_access | resource |
| aws_s3_bucket_public_access_block.cloudtrail_log_bucket_access | resource |
| aws_s3_bucket_server_side_encryption_configuration.cloudtrail_bucket_encryption | resource |
| aws_s3_bucket_server_side_encryption_configuration.cloudtrail_log_encryption | resource |
| aws_s3_bucket_versioning.cloudtrail_bucket_versioning | resource |
| aws_s3_bucket_versioning.cloudtrail_log_bucket_versioning | resource |
| aws_sns_topic.lacework_cloudtrail_sns_topic | resource |
| aws_sns_topic_policy.default | resource |
| aws_sns_topic_subscription.lacework_sns_topic_sub | resource |
| aws_sqs_queue.lacework_cloudtrail_sqs_queue | resource |
| aws_sqs_queue_policy.lacework_sqs_queue_policy | resource |
| lacework_integration_aws_ct.default | resource |
| random_id.uniq | resource |
| time_sleep.wait_time | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.cloudtrail_log_policy | data source |
| aws_iam_policy_document.cloudtrail_s3_policy | data source |
| aws_iam_policy_document.cross_account_policy | data source |
| aws_iam_policy_document.kms_key_policy | data source |
| aws_iam_policy_document.sns_topic_policy | data source |
| aws_region.current | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_log_prefix | Optional key prefix for access log objects in the logging S3 bucket | string | "log/" | no |
| bucket_arn | The S3 bucket ARN. Required when setting use_existing_cloudtrail to true | string | "" | no |
| bucket_enable_mfa_delete | Set this to true to require MFA for object deletion (requires versioning) | bool | false | no |
| bucket_encryption_enabled | Set this to true to enable encryption on a created S3 bucket | bool | true | no |
| bucket_force_destroy | Force destroy bucket (when false, a non-empty bucket will NOT be destroyed) | bool | true | no |
| bucket_logs_enabled | Set this to true to enable access logging on a created S3 bucket | bool | true | no |
| bucket_name | Optional name for a newly created S3 bucket. Not required when use_existing_cloudtrail is true | string | "" | no |
| bucket_sse_algorithm | The encryption algorithm to use for S3 bucket server-side encryption | string | "aws:kms" | no |
| bucket_sse_key_arn | The ARN of the KMS encryption key to be used for S3 (required when bucket_sse_algorithm is aws:kms and using an existing aws_kms_key) | string | "" | no |
| bucket_versioning_enabled | Set this to true to enable versioning on a created S3 bucket | bool | true | no |
| cloudtrail_name | The name of the CloudTrail. Required when setting use_existing_cloudtrail to true | string | "lacework-cloudtrail" | no |
| consolidated_trail | Set this to true to configure a consolidated CloudTrail | bool | false | no |
| create_lacework_integration | Set this to false if you don't want the module to automatically create a corresponding Lacework integration | bool | true | no |
| cross_account_policy_name | n/a | string | "" | no |
| enable_cloudtrail_s3_management_events | Enable CloudTrail object-level logging | bool | false | no |
| enable_log_file_validation | Specifies whether CloudTrail log file integrity validation is enabled | bool | true | no |
| external_id_length | Deprecated - will be removed in the next major release, v3.0.0 | number | 16 | no |
| iam_role_arn | The IAM role ARN. Required when setting use_existing_iam_role to true | string | "" | no |
| iam_role_external_id | The external ID configured inside the IAM role. Required when setting use_existing_iam_role to true | string | "" | no |
| iam_role_name | The IAM role name. Must match iam_role_arn if use_existing_iam_role is set to true | string | "" | no |
| is_organization_trail | Whether the trail is an AWS Organizations trail. Organization trails log events for the management account and all member accounts, and can only be created in the organization management account | bool | false | no |
| kms_key_deletion_days | The KMS key deletion waiting period, in days | number | 30 | no |
| kms_key_multi_region | Whether the KMS key is a multi-region or regional key | bool | true | no |
| kms_key_rotation | Enable KMS automatic key rotation | bool | false | no |
| lacework_aws_account_id | The Lacework AWS account that the IAM role will grant access to | string | "434813966438" | no |
| lacework_integration_name | The name of the integration in Lacework | string | "TF cloudtrail" | no |
| log_bucket_name | Name of the S3 bucket for access logs. Required when setting use_existing_access_log_bucket to true | string | "" | no |
| org_account_mappings | Mapping of AWS accounts to Lacework accounts within a Lacework organization | `list(object({ default_lacework_account = string, mapping = list(object({ lacework_account = string, aws_accounts = list(string) })) }))` | [] | no |
| permission_boundary_arn | Optional ARN of the policy used to set the permissions boundary for the role | string | null | no |
| prefix | The prefix used at the beginning of every generated resource name | string | "lacework-ct" | no |
| s3_notification_log_prefix | The object prefix for which to create S3 notifications | string | "AWSLogs/" | no |
| s3_notification_type | The destination type for S3 notifications: SNS or SQS. Defaults to SQS | string | "SQS" | no |
| sns_topic_arn | The SNS topic ARN | string | "" | no |
| sns_topic_encryption_enabled | Set this to false to disable encryption on an SNS topic. Defaults to true | bool | true | no |
| sns_topic_encryption_key_arn | The ARN of an existing KMS encryption key to be used for SNS | string | "" | no |
| sns_topic_name | The SNS topic name | string | "" | no |
| sqs_encryption_enabled | Set this to true to enable server-side encryption on SQS | bool | true | no |
| sqs_encryption_key_arn | The ARN of the KMS encryption key to be used for SQS (required when sqs_encryption_enabled is true) | string | "" | no |
| sqs_queue_name | The SQS queue name | string | "" | no |
| sqs_queues | List of SQS queues to configure in the Lacework cross-account policy | list(string) | [] | no |
| tags | A map of tags to be assigned to created resources | map(string) | {} | no |
| use_existing_access_log_bucket | Set this to true to use an existing bucket for access logging. By default a new access log bucket is created if logging is enabled | bool | false | no |
| use_existing_cloudtrail | Set this to true to use an existing CloudTrail. By default a new CloudTrail is created | bool | false | no |
| use_existing_iam_role | Set this to true to use an existing IAM role | bool | false | no |
| use_existing_iam_role_policy | Set this to true to use an existing policy on the IAM role, rather than attaching a new one | bool | false | no |
| use_existing_kms_key | Set this to true to use an existing KMS key | bool | false | no |
| use_existing_sns_topic | Set this to true to use an existing SNS topic. By default a new SNS topic is created | bool | false | no |
| use_s3_bucket_notification | Set this to true to use S3 bucket notifications instead of CloudTrail. When set to false, CloudTrail will be used. Defaults to false | bool | false | no |
| wait_time | Amount of time to wait before the next resource is provisioned | string | "10s" | no |

## Outputs

| Name | Description |
|------|-------------|
| bucket_arn | S3 bucket ARN |
| bucket_name | S3 bucket name |
| bucket_sse_key_arn | The ARN of the KMS encryption key used for S3 |
| external_id | The external ID configured into the IAM role |
| iam_role_arn | The IAM role ARN |
| iam_role_name | The IAM role name |
| lacework_integration_guid | Lacework CloudTrail integration GUID |
| sns_arn | SNS topic ARN |
| sns_name | SNS topic name |
| sqs_arn | SQS queue ARN |
| sqs_name | SQS queue name |
| sqs_url | SQS queue URL |
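The inputs above combine into a module call like the following. This is an added example, not code from the module's own README: it creates a new organization trail while overriding the defaults that matter most for an audit-log bucket (force destroy, MFA delete, KMS key rotation). The registry source path `lacework/cloudtrail/aws`, the `~> 2.0` version pin, the empty provider blocks and the sample tag are assumptions.

```hcl
terraform {
  required_version = ">= 0.14"
  required_providers {
    aws      = { source = "hashicorp/aws", version = ">= 4.0" }
    lacework = { source = "lacework/lacework", version = "~> 1.0" }
  }
}

# Assumption: AWS and Lacework credentials (and the AWS region) come from the
# providers' environment variables or profiles rather than being set here.
provider "aws" {}
provider "lacework" {}

module "aws_cloudtrail" {
  source  = "lacework/cloudtrail/aws" # assumption: registry path of this module
  version = "~> 2.0"                  # assumption: 2.x is current; inputs cite v3.0.0 as the next major

  prefix                    = "lacework-ct"
  lacework_integration_name = "TF cloudtrail"

  # Organization-wide trail: only valid when applied from the management account.
  is_organization_trail = true

  # Digest files let you prove delivered log files were not altered or deleted.
  enable_log_file_validation = true

  # The module defaults to force_destroy = true; for an audit-log bucket that
  # means `terraform destroy` deletes the evidence, so turn it off.
  bucket_force_destroy = false

  # Versioning is a prerequisite for MFA delete. AWS only lets the bucket owner
  # (root user) turn MFA delete on, from an MFA-authenticated session.
  bucket_versioning_enabled = true
  bucket_enable_mfa_delete  = true

  # The bucket is SSE-KMS encrypted by default, but key rotation is off by default.
  kms_key_rotation     = true
  kms_key_multi_region = false # assumption: a regional key is enough here

  tags = {
    purpose = "lacework-cloudtrail" # constructed sample tag
  }
}

# Handy for wiring the integration into other Lacework resources.
output "lacework_integration_guid" {
  value = module.aws_cloudtrail.lacework_integration_guid
}
```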