lza_menace
/
tf-modules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ctalarms-whitelist
master
v0.0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
tf-modules/monitoring/cloudtrail-alarms
History
lalanza808 70a5102387 add cloudtrail-alarms module 4 years ago
..
README.md add cloudtrail-alarms module 4 years ago
main.tf add cloudtrail-alarms module 4 years ago
variables.tf add cloudtrail-alarms module 4 years ago

README.md

Cloudtrail Alarms

Hooks into an existing Cloudtrail and Cloudwatch Logs deployment enabled so that we can setup Log metric filters to look for certain patterns.

We are able to tail Cloudtrail events and alarm on certain log messages as they occur. The full list can be seen in main.tf

These alarms are necessary to be in compliance with CIS Benchmarks, a very popular framework for securing AWS environments.

Usage

module "cloudtrail" {
  source               = "github.com/lalanza808/tf-modules.git/security/cloudtrail"
  force_destroy_bucket = true
}

module "sns_topic" {
  source     = "github.com/lalanza808/tf-modules.git/monitoring/sns-email-topic"
  sns_emails = ["user@email.com"]
}

module "cloudtrail-alarms" {
  source         = "github.com/lalanza808/tf-modules.git/monitoring/cloudtrail-alarms"
  log_group_name = module.cloudtrail.log_group_name
  sns_topic_arn  = module.sns_topic.topic_arn
  account_name   = "Sandbox"
}

Inputs

  • log_group_name - Cloudwatch Logs group containing Cloudtrail event data
  • sns_topic_arn - The SNS topic ARN to publish event messages to based upon alarm conditions
  • account_name - Name of the AWS account for labeling purposes

See the full list of inputs here: variables.tf

Outputs

None - output.tf