Adding organizations (#21)
* adding the option to configure an organization trail

* typo in the definition of the var

* updating terraform documentation

* updating the README
rogerscuall authored and aknysh committed Apr 26, 2019
1 parent a9b1b6c commit fb17eee
Showing 4 changed files with 20 additions and 13 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -106,6 +106,7 @@ Available targets:
| event_selector | Specifies an event selector for enabling data event logging, It needs to be a list of map values. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable | list | `<list>` | no |
| include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `false` | no |
| is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `false` | no |
| is_organization_trail | The trail is an AWS Organizations trail | string | `"false"` | no |
| kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `` | no |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
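
Review bot: the added `is_organization_trail` row gives its default as `"false"` with quotes, while the neighbouring rows in this README table (`include_global_service_events`, `is_multi_region_trail`) still show `false` unquoted and `kms_key_id` shows an empty code span. docs/terraform.md in this same commit uses the quoted form on every row, so the README table looks hand-edited rather than regenerated. Regenerate the README inputs table from docs/terraform.md so the two tables agree.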
26 changes: 13 additions & 13 deletions docs/terraform.md
@@ -1,22 +1,22 @@

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| attributes | Additional attributes (e.g. `logs`) | list | `<list>` | no |
| cloud_watch_logs_group_arn | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered | string | `` | no |
| cloud_watch_logs_role_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group | string | `` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
| enable_log_file_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | string | `true` | no |
| enable_logging | Enable logging for the trail | string | `true` | no |
| cloud_watch_logs_group_arn | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered | string | `""` | no |
| cloud_watch_logs_role_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group | string | `""` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `"-"` | no |
| enable_log_file_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | string | `"true"` | no |
| enable_logging | Enable logging for the trail | string | `"true"` | no |
| event_selector | Specifies an event selector for enabling data event logging, It needs to be a list of map values. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable | list | `<list>` | no |
| include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `false` | no |
| is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `false` | no |
| kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `` | no |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
| s3_bucket_name | S3 bucket name for CloudTrail logs | string | - | yes |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
| include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `"false"` | no |
| is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `"false"` | no |
| is_organization_trail | The trail is an AWS Organizations trail | string | `"false"` | no |
| kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `""` | no |
| name | Name (e.g. `app` or `cluster`) | string | n/a | yes |
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | n/a | yes |
| s3_bucket_name | S3 bucket name for CloudTrail logs | string | n/a | yes |
| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | n/a | yes |
| tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `<map>` | no |

## Outputs
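
Review bot: the `tags` row at the end of the inputs table still has unbalanced quoting in its example: the description opens the first value with a single quote after "map(" and closes it with a backtick, so the inline code spans do not pair up and the cell renders incorrectly. Since this commit rewrites the table anyway, fix the example in the description text of the `tags` variable so the documentation picks up the corrected form.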
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -20,4 +20,5 @@ resource "aws_cloudtrail" "default" {
tags = "${module.cloudtrail_label.tags}"
event_selector = "${var.event_selector}"
kms_key_id = "${var.kms_key_id}"
is_organization_trail = "${var.is_organization_trail}"
}
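
Review bot: `is_organization_trail` is passed to `aws_cloudtrail` unconditionally on the new last line of the resource, so every consumer of the module now needs an AWS provider release that accepts this argument, even when the variable is left at its default. Nothing in this hunk adds or raises a provider version constraint. Consider declaring the minimum provider version the module requires alongside this change.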
5 changes: 5 additions & 0 deletions variables.tf
Expand Up @@ -76,3 +76,8 @@ variable "kms_key_id" {
description = "Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail"
default = ""
}

variable "is_organization_trail" {
default = "false"
description = "The trail is an AWS Organizations trail"
}
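
Review bot: the description on `is_organization_trail` ("The trail is an AWS Organizations trail") does not tell a caller what setting it to "true" changes or requires. An organization trail logs events for the accounts in the organization and has to be created from an account permitted to do so (the organization's management account), which is worth stating here because this text feeds the README and docs/terraform.md tables. As a style point, the block puts `default` before `description`, the reverse of the `kms_key_id` block just above it.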
