diff --git a/README.md b/README.md
index 5fd7cd09d..428b5409b 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ This is a collection of reusable root modules for CloudPosse AWS accounts.
 Use the `terraform-root-modules` Docker image as the base image in the application `Dockerfile`, and copy the modules from `/aws` folder into `/conf` folder
 ```dockerfile
-FROM cloudposse/terraform-root-modules:0.2.2 as terraform-root-modules
+FROM cloudposse/terraform-root-modules:0.3.1 as terraform-root-modules
 FROM cloudposse/geodesic:0.9.18
diff --git a/aws/audit-cloudtrail/main.tf b/aws/audit-cloudtrail/main.tf
new file mode 100644
index 000000000..0f204639d
--- /dev/null
+++ b/aws/audit-cloudtrail/main.tf
@@ -0,0 +1,68 @@
+terraform {
+ required_version = ">= 0.11.2"
+
+ backend "s3" {}
+}
+
+variable "aws_assume_role_arn" {
+ type = "string"
+}
+
+provider "aws" {
+ assume_role {
+ role_arn = "${var.aws_assume_role_arn}"
+ }
+}
+
+variable "namespace" {
+ type = "string"
+ description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+ type = "string"
+ description = "Stage (e.g. `audit`)"
+ default = "audit"
+}
+
+variable "name" {
+ type = "string"
+ description = "Name (e.g. `account`)"
+ default = "account"
+}
+
+variable "region" {
+ type = "string"
+ description = "AWS region"
+}
+
+module "cloudtrail" {
+ source = "git::https://github.com/cloudposse/terraform-aws-cloudtrail.git?ref=tags/0.3.0"
+ namespace = "${var.namespace}"
+ stage = "${var.stage}"
+ name = "${var.name}"
+ enable_logging = "true"
+ enable_log_file_validation = "true"
+ include_global_service_events = "true"
+ is_multi_region_trail = "true"
+ s3_bucket_name = "${module.cloudtrail_s3_bucket.bucket_id}"
+}
+
+module "cloudtrail_s3_bucket" {
+ namespace = "${var.namespace}"
+ stage = "${var.stage}"
+ name = "${var.name}"
+ region = "${var.region}"
+}
+
+output "cloudtrail_bucket_domain_name" {
+ value = "${module.cloudtrail_s3_bucket.bucket_domain_name}"
+}
+
+output "cloudtrail_bucket_id" {
+ value = "${module.cloudtrail_s3_bucket.bucket_id}"
+}
+
+output "cloudtrail_bucket_arn" {
+ value = "${module.cloudtrail_s3_bucket.bucket_arn}"
+}
diff --git a/aws/audit-cloudtrail/terraform.tfvars.example b/aws/audit-cloudtrail/terraform.tfvars.example
new file mode 100644
index 000000000..d598dbbba
--- /dev/null
+++ b/aws/audit-cloudtrail/terraform.tfvars.example
@@ -0,0 +1,4 @@
+namespace="cp"
+stage="audit"
+name="account"
+region="us-west-2"
diff --git a/aws/cloudtrail/main.tf b/aws/cloudtrail/main.tf
index 2d3a694a0..04a3ebb3e 100644
--- a/aws/cloudtrail/main.tf
+++ b/aws/cloudtrail/main.tf
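Review bot: The `module "cloudtrail_s3_bucket"` block near the end of the hunk has no `source` argument, so `terraform init` cannot resolve the module and this root module never reaches plan; the trail's `s3_bucket_name` and all three outputs depend on it. The sibling `aws/cloudtrail/main.tf` presumably pins the same bucket module, so the pin should be copied from there, e.g. `source = "git::https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket.git?ref=tags/<PINNED_TAG>"` with the tag taken from that file rather than a branch. Pinning matters here because this bucket receives the multi-region, log-file-validated trail, and an unpinned module could change the bucket's policy or lifecycle settings on the next init without a visible diff. While touching the file, `variable "aws_assume_role_arn"` is the only variable without a `description`; `description = "ARN of the IAM role to assume in the audit account"` would match the rest.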
@@ -4,7 +4,9 @@ terraform {
 backend "s3" {}
 }
-variable "aws_assume_role_arn" {}
+variable "aws_assume_role_arn" {
+ type = "string"
+}
 provider "aws" {
 assume_role {
@@ -24,28 +26,10 @@ variable "stage" {
 variable "name" {
 type = "string"
- description = "Application or solution name (e.g. `app`)"
+ description = "Name (e.g. `account`)"
 default = "account"
 }
-variable "delimiter" {
- type = "string"
- default = "-"
- description = "Delimiter to be used between `namespace`, `stage`, `name` and `attributes`"
-}
-
-variable "attributes" {
- type = "list"
- default = []
- description = "Additional attributes (e.g. `1`)"
-}
-
-variable "tags" {
- type = "map"
- default = {}
- description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)"
-}
-
 module "cloudtrail" {
 source = "git::https://github.com/cloudposse/terraform-aws-cloudtrail.git?ref=tags/0.3.0"
 namespace = "${var.namespace}"
diff --git a/aws/cloudtrail/terraform.tfvars.example b/aws/cloudtrail/terraform.tfvars.example
index cc5cc21e2..1da1718b2 100644
--- a/aws/cloudtrail/terraform.tfvars.example
+++ b/aws/cloudtrail/terraform.tfvars.example
@@ -1,2 +1,3 @@
 namespace="cp"
 stage="staging"
+name="account"
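Review bot: Removing `variable "delimiter"`, `variable "attributes"` and `variable "tags"` in the second hunk is only safe if nothing further down still reads them; the `module "cloudtrail"` block continues past the hunk's last line and the bucket module block is outside the hunk entirely, so any surviving `var.tags`, `var.attributes` or `var.delimiter` reference would make the plan fail with an undeclared-variable error. Worth confirming the rest of the file before merging, since the hunk does not show those module inputs. If the drop is deliberate, the resources also lose the caller-supplied tags, which is usually what asset inventories key on, so the commit message should say so.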