diff --git a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate
deleted file mode 100644
index dd6e6b5..0000000
--- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate
+++ /dev/null
@@ -1,803 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.14.5", - "serial": 120, - "lineage": "26e4bec8-8ad6-a262-52c6-fbcad6b7a499", - "outputs": {}, - "resources": [ - { - "mode": "data", - "type": "aws_caller_identity", - "name": "this", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "573340405480", - "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", - "id": "573340405480", - "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "data", - "type": "aws_caller_identity", - "name": "this", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "573340405480", - "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", - "id": "573340405480", - "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "cloudtrail_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "2147598273", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*\",\n \"Principal\": {\n \"Service\": [\n \"config.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n },\n 
{\n \"Sid\": \"ReadAccessForAccountOwner\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:Get*\",\n \"Resource\": [\n \"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*\",\n \"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480\"\n ],\n \"Principal\": {\n \"AWS\": \"573340405480\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "s3:GetBucketAcl" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "cloudtrail.amazonaws.com" - ], - "type": "Service" - } - ], - "resources": [ - "arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480" - ], - "sid": "AWSCloudTrailAclCheck" - }, - { - "actions": [ - "s3:PutObject" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "cloudtrail.amazonaws.com", - "config.amazonaws.com" - ], - "type": "Service" - } - ], - "resources": [ - "arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*" - ], - "sid": "AWSCloudTrailWrite" - }, - { - "actions": [ - "s3:Get*" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "573340405480" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480", - "arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*" - ], - "sid": "ReadAccessForAccountOwner" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "ct-role-assumerole-policy", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "3361274866", - 
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "sts:AssumeRole" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "cloudtrail.amazonaws.com" - ], - "type": "Service" - } - ], - "resources": [], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "ct-role-pdoc", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "1046663528", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogStream\",\n \"Resource\": \"arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": \"arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*\"\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "logs:CreateLogStream" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [], - "resources": [ - "arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*" - ], - "sid": "" - }, - { - "actions": [ - "logs:PutLogEvents" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - 
"principals": [], - "resources": [ - "arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*" - ], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "key-policy", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "3662241047", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Key usage by aws services\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"sqs.amazonaws.com\",\n \"sns.amazonaws.com\",\n \"s3.amazonaws.com\",\n \"logs.amazonaws.com\",\n \"lambda.amazonaws.com\",\n \"guardduty.amazonaws.com\",\n \"events.amazonaws.com\",\n \"eks.amazonaws.com\",\n \"eks-nodegroup.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n \"cloudwatch.amazonaws.com\",\n \"cloudtrail.amazonaws.com\",\n \"backup.amazonaws.com\",\n \"autoscaling.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"Key administrator\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"573340405480\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "autoscaling.amazonaws.com", - "backup.amazonaws.com", - "cloudtrail.amazonaws.com", - "cloudwatch.amazonaws.com", - "delivery.logs.amazonaws.com", - "eks-nodegroup.amazonaws.com", - "eks.amazonaws.com", - 
"events.amazonaws.com", - "guardduty.amazonaws.com", - "lambda.amazonaws.com", - "logs.amazonaws.com", - "s3.amazonaws.com", - "sns.amazonaws.com", - "sqs.amazonaws.com" - ], - "type": "Service" - } - ], - "resources": [ - "*" - ], - "sid": "Key usage by aws services" - }, - { - "actions": [ - "kms:*" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "573340405480" - ], - "type": "AWS" - } - ], - "resources": [ - "*" - ], - "sid": "Key administrator" - } - ], - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_cloudtrail", - "name": "default", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:cloudtrail:ap-northeast-1:573340405480:trail/lab-apne1-racken-cleanslate-trail-001", - "cloud_watch_logs_group_arn": "arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:*", - "cloud_watch_logs_role_arn": "arn:aws:iam::573340405480:role/lab-apne1-racken-cleanslate-cwl-role", - "enable_log_file_validation": true, - "enable_logging": true, - "event_selector": [ - { - "data_resource": [ - { - "type": "AWS::S3::Object", - "values": [ - "arn:aws:s3:::" - ] - }, - { - "type": "AWS::Lambda::Function", - "values": [ - "arn:aws:lambda" - ] - } - ], - "include_management_events": true, - "read_write_type": "All" - } - ], - "home_region": "ap-northeast-1", - "id": "lab-apne1-racken-cleanslate-trail-001", - "include_global_service_events": true, - "insight_selector": [], - "is_multi_region_trail": true, - "is_organization_trail": false, - "kms_key_id": "arn:aws:kms:ap-northeast-1:573340405480:key/1f740a00-6039-4914-91b5-e2f5ba475f5f", - "name": "lab-apne1-racken-cleanslate-trail-001", - "s3_bucket_name": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - 
"s3_key_prefix": "", - "sns_topic_name": "", - "tags": { - "Application": "infra", - "BuildDate": "20210128", - "CreatedBy": "racker-ken2-eade1d93", - "Environment": "lab", - "Project": "cleanslate", - "ServiceProvider": "RackspaceTechnology", - "TerraformDir": "aws-baseline-infra/layers/security_identity_compliance/cloudtrail_cloudwatchlogs", - "TerraformMode": "managed" - } - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_cloudwatch_log_group.ct-cwl", - "module.cloudtrail-cwl.aws_iam_role.iam_cloudtrial_cloudwatch_role", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.ct-role-assumerole-policy", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_cloudwatch_log_group", - "name": "ct-cwl", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001", - "id": "lab-apne1-racken-cleanslate-cwl-001", - "kms_key_id": "arn:aws:kms:ap-northeast-1:573340405480:key/1f740a00-6039-4914-91b5-e2f5ba475f5f", - "name": "lab-apne1-racken-cleanslate-cwl-001", - "name_prefix": null, - "retention_in_days": 90, - "tags": { - "Application": "infra", - "BuildDate": "20210128", - "CreatedBy": "racker-ken2-eade1d93", - "Environment": "lab", - "Project": "cleanslate", - "ServiceProvider": "RackspaceTechnology", - "TerraformDir": "aws-baseline-infra/layers/security_identity_compliance/cloudtrail_cloudwatchlogs", - "TerraformMode": "managed" - } - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - 
"module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_cloudwatch_log_metric_filter", - "name": "cwl-metric-filter-cis11", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "cis11-rootaccess-filter", - "log_group_name": "lab-apne1-racken-cleanslate-cwl-001", - "metric_transformation": [ - { - "default_value": "", - "name": "cis11-rootaccess-metric", - "namespace": "LogMetrics", - "value": "1" - } - ], - "name": "cis11-rootaccess-filter", - "pattern": "{$.userIdentity.type=\"Root\" \u0026\u0026 $.userIdentity.invokedBy NOT EXISTS \u0026\u0026 $.eventType !=\"AwsServiceEvent\"}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_cloudwatch_log_group.ct-cwl", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_cloudwatch_metric_alarm", - "name": "cis11-rootaccess-alarm", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "actions_enabled": true, - "alarm_actions": [], - "alarm_description": "Root access is detected from cloudtrail", - "alarm_name": "cis11-rootaccess-alarm", - "arn": "arn:aws:cloudwatch:ap-northeast-1:573340405480:alarm:cis11-rootaccess-alarm", - "comparison_operator": "GreaterThanOrEqualToThreshold", - "datapoints_to_alarm": 0, - "dimensions": {}, - "evaluate_low_sample_count_percentiles": "", - "evaluation_periods": 1, - "extended_statistic": "", - "id": "cis11-rootaccess-alarm", - "insufficient_data_actions": [], - 
"metric_name": "cis11-rootaccess-metric", - "metric_query": [], - "namespace": "LogMetrics", - "ok_actions": [], - "period": 300, - "statistic": "Average", - "tags": {}, - "threshold": 1, - "threshold_metric_id": "", - "treat_missing_data": "notBreaching", - "unit": "" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_iam_role", - "name": "iam_cloudtrial_cloudwatch_role", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::573340405480:role/lab-apne1-racken-cleanslate-cwl-role", - "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", - "create_date": "2021-01-28T01:08:17Z", - "description": "Enables AWS CloudTrail to deliver log to CloudWatch log", - "force_detach_policies": false, - "id": "lab-apne1-racken-cleanslate-cwl-role", - "max_session_duration": 3600, - "name": "lab-apne1-racken-cleanslate-cwl-role", - "name_prefix": null, - "path": "/", - "permissions_boundary": null, - "tags": { - "Application": "infra", - "BuildDate": "20210128", - "CreatedBy": "racker-ken2-eade1d93", - "Environment": "lab", - "Project": "cleanslate", - "ServiceProvider": "RackspaceTechnology", - "TerraformDir": "aws-baseline-infra/layers/security_identity_compliance/cloudtrail_cloudwatchlogs", - "TerraformMode": "managed" - }, - "unique_id": "AROAYK7OAJ3ULYJS5RX3N" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.ct-role-assumerole-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_iam_role_policy", - "name": "iam_cloudtrial_cloudwatach_role_policy", - 
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "lab-apne1-racken-cleanslate-cwl-role:lab-apne1-racken-cleanslate-cwl-role-policy", - "name": "lab-apne1-racken-cleanslate-cwl-role-policy", - "name_prefix": null, - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogStream\",\n \"Resource\": \"arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": \"arn:aws:logs:ap-northeast-1:573340405480:log-group:lab-apne1-racken-cleanslate-cwl-001:log-stream:*\"\n }\n ]\n}", - "role": "lab-apne1-racken-cleanslate-cwl-role" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_cloudwatch_log_group.ct-cwl", - "module.cloudtrail-cwl.aws_iam_role.iam_cloudtrial_cloudwatch_role", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.ct-role-assumerole-policy", - "module.cloudtrail-cwl.data.aws_iam_policy_document.ct-role-pdoc", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_kms_alias", - "name": "ctbucket-key-aliaas", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:kms:ap-northeast-1:573340405480:alias/lab-apne1-racken-cleanslate-ctkey-alias", - "id": "alias/lab-apne1-racken-cleanslate-ctkey-alias", - "name": "alias/lab-apne1-racken-cleanslate-ctkey-alias", - "name_prefix": null, - "target_key_arn": 
"arn:aws:kms:ap-northeast-1:573340405480:key/1f740a00-6039-4914-91b5-e2f5ba475f5f", - "target_key_id": "1f740a00-6039-4914-91b5-e2f5ba475f5f" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_kms_key", - "name": "ctbucket-key", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "arn": "arn:aws:kms:ap-northeast-1:573340405480:key/1f740a00-6039-4914-91b5-e2f5ba475f5f", - "customer_master_key_spec": "SYMMETRIC_DEFAULT", - "deletion_window_in_days": 7, - "description": "", - "enable_key_rotation": false, - "id": "1f740a00-6039-4914-91b5-e2f5ba475f5f", - "is_enabled": true, - "key_id": "1f740a00-6039-4914-91b5-e2f5ba475f5f", - "key_usage": "ENCRYPT_DECRYPT", - "policy": "{\"Statement\":[{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"logs.amazonaws.com\",\"lambda.amazonaws.com\",\"eks.amazonaws.com\",\"cloudtrail.amazonaws.com\",\"s3.amazonaws.com\",\"backup.amazonaws.com\",\"guardduty.amazonaws.com\",\"events.amazonaws.com\",\"autoscaling.amazonaws.com\",\"sqs.amazonaws.com\",\"delivery.logs.amazonaws.com\",\"sns.amazonaws.com\",\"eks-nodegroup.amazonaws.com\",\"cloudwatch.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Key usage by aws services\"},{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Resource\":\"*\",\"Sid\":\"Key administrator\"}],\"Version\":\"2012-10-17\"}", - "tags": { - "Application": "infra", - "BuildDate": "20210128", - "CreatedBy": "racker-ken2-eade1d93", - "Environment": "lab", 
- "Project": "cleanslate", - "ServiceProvider": "RackspaceTechnology", - "TerraformDir": "aws-baseline-infra/layers/security_identity_compliance/cloudtrail_cloudwatchlogs", - "TerraformMode": "managed" - } - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "ct-bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": "arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480", - "bucket": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "bucket_domain_name": "lab-apne1-racken-cleanslate-ctbucket-573340405480.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "lab-apne1-racken-cleanslate-ctbucket-573340405480.s3.ap-northeast-1.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z2M4EHUR26P7ZW", - "id": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "lifecycle_rule": [ - { - "abort_incomplete_multipart_upload_days": 0, - "enabled": true, - "expiration": [ - { - "date": "", - "days": 90, - "expired_object_delete_marker": false - } - ], - "id": "lab-apne1-racken-cleanslate-ctbucket-lifecycle-rule", - "noncurrent_version_expiration": [], - "noncurrent_version_transition": [], - "prefix": "", - "tags": {}, - "transition": [ - { - "date": "", - "days": 30, - "storage_class": "INTELLIGENT_TIERING" - } - ] - } - ], - "logging": [], - "object_lock_configuration": [], - "policy": 
"{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cloudtrail.amazonaws.com\",\"config.amazonaws.com\"]},\"Resource\":\"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*\",\"Sid\":\"AWSCloudTrailWrite\"},{\"Action\":\"s3:Get*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Resource\":[\"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480/*\",\"arn:aws:s3:::lab-apne1-racken-cleanslate-ctbucket-573340405480\"],\"Sid\":\"ReadAccessForAccountOwner\"}],\"Version\":\"2012-10-17\"}", - "region": "ap-northeast-1", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [ - { - "rule": [ - { - "apply_server_side_encryption_by_default": [ - { - "kms_master_key_id": "arn:aws:kms:ap-northeast-1:573340405480:key/1f740a00-6039-4914-91b5-e2f5ba475f5f", - "sse_algorithm": "aws:kms" - } - ] - } - ] - } - ], - "tags": { - "Application": "infra", - "BuildDate": "20210128", - "CreatedBy": "racker-ken2-eade1d93", - "Environment": "lab", - "Project": "cleanslate", - "ServiceProvider": "RackspaceTechnology", - "TerraformDir": "aws-baseline-infra/layers/security_identity_compliance/cloudtrail_cloudwatchlogs", - "TerraformMode": "managed" - }, - "versioning": [ - { - "enabled": false, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.cloudtrail_bucket_policy", - 
"module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_s3_bucket_ownership_controls", - "name": "ctbucket-ownership-setting", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "id": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "rule": [ - { - "object_ownership": "BucketOwnerPreferred" - } - ] - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.aws_s3_bucket.ct-bucket", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.cloudtrail_bucket_policy", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - }, - { - "module": "module.cloudtrail-cwl", - "mode": "managed", - "type": "aws_s3_bucket_public_access_block", - "name": "s3-public-access-settings", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "block_public_acls": true, - "block_public_policy": true, - "bucket": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "id": "lab-apne1-racken-cleanslate-ctbucket-573340405480", - "ignore_public_acls": true, - "restrict_public_buckets": true - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "data.aws_caller_identity.this", - "module.cloudtrail-cwl.aws_kms_key.ctbucket-key", - "module.cloudtrail-cwl.aws_s3_bucket.ct-bucket", - "module.cloudtrail-cwl.data.aws_caller_identity.this", - "module.cloudtrail-cwl.data.aws_iam_policy_document.cloudtrail_bucket_policy", - "module.cloudtrail-cwl.data.aws_iam_policy_document.key-policy" - ] - } - ] - } - ] -}