| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| `attributes` | Additional attributes (e.g. `1`). | `list(string)` | `[]` | no |
| `cloud_watch_logs_group_arn` | Specifies the log group, by Amazon Resource Name (ARN), to which CloudTrail logs will be delivered. | `string` | `""` | no |
| `cloud_watch_logs_role_arn` | Specifies the role the CloudWatch Logs endpoint assumes to write to a user's log group. | `string` | `""` | no |
| `cloudwatch_log_group_name` | The name of the CloudWatch Log Group that receives CloudTrail events. | `string` | `"cloudtrail-events"` | no |
| `data_resource_type` | The resource type for which you want to log data events. Only the following values can be specified: `AWS::S3::Object`, `AWS::Lambda::Function`. | `string` | `"AWS::S3::Object"` | no |
| `data_resource_values` | Specifies an event selector for enabling data event logging. It needs to be a list of map values. See https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable. | `list(string)` | `[]` | no |
| `enable_cloudwatch` | If true, deploy the CloudWatch resources in the module. | `bool` | `true` | no |
| `enable_log_file_validation` | Specifies whether log file integrity validation is enabled. Creates a signed digest for the validated contents of the logs. | `bool` | `true` | no |
| `enable_logging` | Enable logging for the trail. | `bool` | `true` | no |
| `enabled_cloudtrail` | If true, deploy the resources for the module. | `bool` | `true` | no |
| `environment` | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
| `event_selector` | Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. | `bool` | `true` | no |
| `event_selector_data_resource` | Specifies logging of data events. Fields documented below. | `bool` | `false` | no |
| `iam_role_name` | Name for the CloudTrail IAM role. | `string` | `"cloudtrail-cloudwatch-logs-role"` | no |
| `include_global_service_events` | Specifies whether the trail publishes events from global services such as IAM to the log files. | `bool` | `true` | no |
| `include_management_events` | Specify whether your event selector should include management events for your trail. | `bool` | `true` | no |
| `insight_selector` | Specifies an insight selector for the type of insights to log on a trail. | `list(object({ insight_type = string }))` | `[]` | no |
| `is_multi_region_trail` | Specifies whether the trail is created in the current region only or in all regions. | `bool` | `false` | no |
| `is_organization_trail` | The trail is an AWS Organizations trail. | `bool` | `false` | no |
| `key_deletion_window_in_days` | Duration in days after which the key is deleted once the resource is destroyed; must be 7-30 days. Default 30 days. | `string` | `30` | no |
| `kms_enabled` | If true, deploy the KMS resources in the module. Note: supported only for single-CloudTrail management. | `bool` | `false` | no |
| `label_order` | Label order, e.g. `name`, `application`. | `list(any)` | `["name", "environment"]` | no |
| `log_retention_days` | Number of days to keep AWS logs in the specified log group. | `string` | `90` | no |
| `managedby` | ManagedBy, e.g. 'CloudDrove'. | `string` | `"[email protected]"` | no |
| `name` | Name (e.g. `app` or `cluster`). | `string` | n/a | yes |
| `read_write_type` | Specify whether your trail should log read-only events, write-only events, or all. By default, the value is `All`. | `string` | `"All"` | no |
| `repository` | Terraform current module repo. | `string` | `"https://github.com/clouddrove/terraform-aws-cloudtrail"` | no |
| `s3_bucket_name` | S3 bucket name for CloudTrail logs. | `string` | `""` | no |
| `s3_key_prefix` | (Optional) S3 key prefix that follows the name of the bucket you have designated for log file delivery. | `string` | `""` | no |
| `sns_topic_name` | Specifies the name of the Amazon SNS topic defined for notification of log file delivery. | `string` | `null` | no |
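The inputs above combine into an audit-grade trail only when several of them are set together: multi-region coverage plus global service events so nothing outside one region is missed, log file validation and KMS so the delivered files can be checked for tampering and are not readable by anyone with bucket access alone, and a CloudWatch Logs group so detections can run on events as they arrive rather than after S3 delivery. The following module invocation is an added example, not code from the module's README or repository. It uses only the input names listed in the table; the `source` URL is taken from the `repository` input, while the bucket name and the S3 data-resource ARN are constructed placeholders to be replaced with your own.

```hcl
# Added example (not the module's own code): a hardened invocation of
# clouddrove/terraform-aws-cloudtrail using the inputs documented above.
# The git source is the URL given by the module's "repository" input.
# Bucket name and data-resource ARN are constructed placeholders.
module "cloudtrail" {
  source = "git::https://github.com/clouddrove/terraform-aws-cloudtrail.git"

  name        = "audit"
  environment = "prod"
  label_order = ["name", "environment"]

  # Trail scope: every region, global services (e.g. IAM), management events,
  # both reads and writes. A single-region trail leaves other regions unlogged.
  enabled_cloudtrail            = true
  enable_logging                = true
  is_multi_region_trail         = true
  include_global_service_events = true
  include_management_events     = true
  read_write_type               = "All"

  # Integrity and confidentiality of the delivered log files.
  # Digest files let you verify that log files were not modified or deleted.
  enable_log_file_validation  = true
  # The table notes KMS support is for single-CloudTrail management only.
  kms_enabled                 = true
  key_deletion_window_in_days = 30

  # S3 delivery target (constructed placeholder bucket name).
  s3_bucket_name = "example-org-cloudtrail-logs"
  s3_key_prefix  = "cloudtrail"

  # CloudWatch Logs for near-real-time detection; retention sized for
  # incident investigations rather than the CloudWatch default of never expiring.
  enable_cloudwatch         = true
  cloudwatch_log_group_name = "cloudtrail-events"
  iam_role_name             = "cloudtrail-cloudwatch-logs-role"
  log_retention_days        = 90

  # Data events for a single bucket that holds sensitive objects. The value
  # follows the declared list(string) type; the ARN is a constructed placeholder.
  event_selector               = true
  event_selector_data_resource = true
  data_resource_type           = "AWS::S3::Object"
  data_resource_values         = ["arn:aws:s3:::example-org-sensitive-data/"]
}
```

Data event logging is billed per event, so scope `data_resource_values` to the buckets or functions whose access you actually need to reconstruct, and keep the CloudTrail limits the `event_selector` description refers to in mind before adding more.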