Terraform module which creates security-related resources on AWS.
- access-analyzer
- cloudtrail-event-data-store
- cloudtrail-trail
- config-managed-rule
- config-recorder
- macie-account
- macie-custom-data-identifier
The Terraform modules in this package were written to manage the following AWS services.
- AWS IAM
  - Access Analyzer
- AWS CloudTrail
  - Event Data Store
  - Trail
- AWS Config
  - Recorder
  - Rules
    - Managed Rules
- AWS Macie
  - Account
  - Member Accounts
  - Organization Configurations
  - Custom Data Identifier
- Account
```hcl
module "event_data_store" {
  source  = "tedilabs/security/aws//modules/cloudtrail-event-data-store"
  version = "~> 0.6.0"

  name  = "management-event"
  level = "ACCOUNT"
  scope = "REGIONAL"

  ## Event Selector
  event_type = "CLOUDTRAIL_EVENTS"
  event_selectors = [
    {
      # Read-only management events, skipping those emitted by AWS KMS.
      category        = "MANAGEMENT"
      scope           = "READ"
      exclude_sources = ["kms.amazonaws.com"]
    },
    {
      # All data events for S3 objects whose ARN ends with "hello".
      category      = "DATA"
      scope         = "ALL"
      resource_type = "AWS::S3::Object"
      selectors = [
        {
          field    = "resource_arn"
          operator = "ends_with"
          values   = ["hello"]
        }
      ]
    },
    {
      # Write data events for S3 on Outposts objects whose event name starts with "Put".
      category      = "DATA"
      scope         = "WRITE"
      resource_type = "AWS::S3Outposts::Object"
      selectors = [
        {
          field    = "event_name"
          operator = "starts_with"
          values   = ["Put"]
        }
      ]
    },
  ]

  ## IAM Role
  import_trail_events_iam_role = {
    enabled = true
    source_s3_buckets = [
      {
        name       = "helloworld"
        key_prefix = "asdf/"
      },
      {
        name       = "foo"
        key_prefix = "bar/"
      },
      {
        name       = "demo"
        key_prefix = ""
      },
    ]
  }

  ## Attributes
  # 365 * 7 = 2555 days (about seven years).
  retention_in_days = 365 * 7
  # With termination protection disabled, the event data store can be deleted.
  termination_protection_enabled = false

  tags = {
    "project" = "terraform-aws-security-examples"
  }
}
```
- Simple Event Data Store in CloudTrail
- Event Data Store in CloudTrail with Config Configuration Items
- Full Event Data Store in CloudTrail
Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.
Provided under the terms of the Apache License.
Copyright © 2021-2025, Byungjin Park.