A Terraform module that creates an AWS CloudTrail trail.
- Advanced Event Selector
- Event Selector

| Name | Version |
|---|---|
| terraform | >= 1.3.6 |
| aws | >= 4.51.0 |

| Name | Version |
|---|---|
| aws | 4.62.0 |

No modules.

| Name | Type |
|---|---|
| aws_cloudtrail.this | resource |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| advanced_event_selector | (Optional) Specifies an advanced event selector for enabling data event logging. | any | null | no |
| cloud_watch_logs_group_arn | (Optional) Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. | string | null | no |
| cloud_watch_logs_role_arn | (Optional) Role for the CloudWatch Logs endpoint to assume to write to a user’s log group. | string | null | no |
| enable_log_file_validation | (Optional) Whether log file integrity validation is enabled. Defaults to false. | bool | null | no |
| enable_logging | (Optional) Enables logging for the trail. Defaults to true. Setting this to false will pause logging. | bool | null | no |
| include_global_service_events | (Optional) Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true. | bool | null | no |
| insight_selector | (Optional) Configuration block for identifying unusual operational activity. | any | null | no |
| is_multi_region_trail | (Optional) Whether the trail is created in the current region or in all regions. Defaults to false. | bool | null | no |
| is_organization_trail | (Optional) Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. | bool | null | no |
| kms_key_id | (Optional) KMS key ARN to use to encrypt the logs delivered by CloudTrail. | string | null | no |
| name | (Required) Name of the trail. | string | n/a | yes |
| s3_bucket_name | (Required) Name of the S3 bucket designated for publishing log files. | string | n/a | yes |
| s3_key_prefix | (Optional) S3 key prefix that follows the name of the bucket you have designated for log file delivery. | string | null | no |
| sns_topic_name | (Optional) Name of the Amazon SNS topic defined for notification of log file delivery. | string | null | no |
| tags | (Optional) Map of tags to assign to the trail. If configured with a provider | map(string) | null | no |

| Name | Description |
|---|---|
| aws_cloudtrail_arn | ARN of the trail. |
| aws_cloudtrail_home_region | Region in which the trail was created. |
| aws_cloudtrail_id | Name of the trail. |
| aws_cloudtrail_tags_all | Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
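
A hardened invocation of the module using the inputs listed above, as an added example that is not part of the module's own documentation. The `source` path, the trail and bucket names, the account ID, and all ARNs are constructed placeholders.

```hcl
# Added example, not from the module's repository.
# Every name, path, and ARN below is a constructed placeholder.
module "cloudtrail" {
  source = "./modules/cloudtrail" # placeholder: point this at the module

  name           = "example-audit-trail"     # constructed
  s3_bucket_name = "example-cloudtrail-logs" # constructed; the bucket policy must allow CloudTrail delivery
  s3_key_prefix  = "trail"

  # Per the inputs table these two default to false. Without validation,
  # tampering with delivered log files cannot be detected from digest files,
  # and a single-region trail records nothing from other regions.
  enable_log_file_validation = true
  is_multi_region_trail      = true

  # Defaults to true per the inputs table; pinned so IAM and other global
  # service events stay in the trail even if the default is overridden elsewhere.
  include_global_service_events = true

  # Setting this to false pauses logging, so keep it explicit and reviewable.
  enable_logging = true

  # Encrypt delivered logs with a customer-managed key.
  # The key policy must allow CloudTrail to use the key.
  kms_key_id = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

  # Stream events to CloudWatch Logs for alerting.
  # CloudTrail expects the log stream wildcard (":*") on the log group ARN.
  cloud_watch_logs_group_arn = "arn:aws:logs:us-east-1:111122223333:log-group:example-cloudtrail:*"
  cloud_watch_logs_role_arn  = "arn:aws:iam::111122223333:role/example-cloudtrail-to-cwl"

  tags = {
    Purpose = "audit" # constructed
  }
}

# Expose the trail ARN so it can be referenced in bucket and key policy conditions.
output "trail_arn" {
  value = module.cloudtrail.aws_cloudtrail_arn
}
```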