2021-01-27 11:36:52 +08:00
# Overview
This module performs the following tasks:

- Create a KMS key for CloudTrail and CWL encryption
- Create an S3 bucket for CloudTrail use
- Create the CloudTrail trail
- Create a CloudWatch log group for CloudTrail
- Create a CloudWatch metric filter for CIS 1.1
- Create a CloudWatch alarm for CIS 1.1

## Inputs:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:|
| application | name of application | string | none | yes |
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
| customer-name | owner of AWS resources | string | none | yes |
| project | name of project | string | none | yes |
| default-tags | tags to be added to resources | list | none | yes |
| cloudtrail-retain-days | Days before CloudTrail logs are expired on S3 | number | 90 | yes |
| aws-region-short | short name of AWS region (e.g. apne1) | string | none | yes |