From 2f5ff21904ff3a384a3bb51c9f3649a67e8aaa70 Mon Sep 17 00:00:00 2001
From: christopherriley
Date: Tue, 28 May 2019 21:15:17 -0700
Subject: [PATCH 1/3] add "enabled" flag to the module
---
 main.tf | 2 ++
 variables.tf | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/main.tf b/main.tf
index 39bcfc3..2036c88 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,6 @@
 module "cloudtrail_label" {
 source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.1.2"
+ enabled = "${var.enabled}"
 namespace = "${var.namespace}"
 stage = "${var.stage}"
 name = "${var.name}"
@@ -10,6 +11,7 @@ module "cloudtrail_label" {
 
 resource "aws_cloudtrail" "default" {
 name = "${module.cloudtrail_label.id}"
+ count = "${var.enabled == "true" ? 1 : 0}"
 enable_logging = "${var.enable_logging}"
 s3_bucket_name = "${var.s3_bucket_name}"
 enable_log_file_validation = "${var.enable_log_file_validation}"
diff --git a/variables.tf b/variables.tf
index f56d344..4f8104e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,8 @@
+variable "enabled" {
+ description = "If true, deploy the resources for the module"
+ default = "true"
+}
+
 variable "namespace" {
 description = "Namespace (e.g. `cp` or `cloudposse`)"
 type = "string"
From 16bd229f049409bbea8b0118dc87de1208edf8cf Mon Sep 17 00:00:00 2001
From: christopherriley
Date: Tue, 28 May 2019 21:55:42 -0700
Subject: [PATCH 2/3] update README
---
 README.md | 113 ++++++++++++++++++++++++++++++++++++----------
 docs/terraform.md | 27 +++++------
 2 files changed, 102 insertions(+), 38 deletions(-)
diff --git a/README.md b/README.md
index 1bc6ec8..b862582 100644
--- a/README.md
+++ b/README.md
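Review bot: In main.tf, the `count` line added to `aws_cloudtrail.default` treats every value other than the exact string `"true"` as disabled, so `True`, `1`, or a boolean that the interpolation layer stringifies differently (presumably as `1` on this Terraform version; confirm) plans zero trails without any error. For an audit-logging resource that is a quiet failure mode: the apply succeeds and the module records no API activity. I would add a comment above the line, `# Any value other than the exact string "true" creates no trail; an existing trail is destroyed on the next apply`, and move `count` to the first argument of the resource so it is not overlooked. The resource body continues outside the hunk.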
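Review bot: In variables.tf, the new `enabled` variable is declared without `type = "string"`, unlike `namespace` directly below it, and its description does not say what switching it off means for an audit trail. I would add `type = "string"` and change the description to `"Set to \"false\" to skip creating the CloudTrail trail; must be the exact string \"true\" to deploy it"`. The inputs tables are generated from this text, so callers would then see that the flag removes a logging control and not just a generic resource.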
@@ -1,6 +1,7 @@ +[![README Header][readme_header_img]][readme_header_link] -[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com) +[![Cloud Posse][logo]](https://cpco.io/homepage) # terraform-aws-cloudtrail [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-cloudtrail.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-cloudtrail) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-cloudtrail.svg)](https://travis-ci.org/cloudposse/terraform-aws-cloudtrail/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -19,7 +20,17 @@ while the S3 bucket to store the CloudTrail logs is created in the Audit AWS acc --- -This project is part of our comprehensive ["SweetOps"](https://docs.cloudposse.com) approach towards DevOps. +This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. +[][share_email] +[][share_googleplus] +[][share_facebook] +[][share_reddit] +[][share_linkedin] +[][share_twitter] + + +[![Terraform Open Source Modules](https://docs.cloudposse.com/images/terraform-open-source-modules.svg)][terraform_modules] + It's 100% Open Source and licensed under the [APACHE2](LICENSE). @@ -30,11 +41,21 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). +We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! + + + + ## Usage + +**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. +Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-cloudtrail/releases). + + ```hcl module "cloudtrail" { source = "git::https://github.com/cloudposse/terraform-aws-cloudtrail.git?ref=master" 
@@ -92,7 +113,6 @@ Available targets: lint Lint terraform code ``` - ## Inputs | Name | Description | Type | Default | Required | @@ -103,10 +123,11 @@ Available targets: | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | | enable_log_file_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | string | `true` | no | | enable_logging | Enable logging for the trail | string | `true` | no | +| enabled | If true, deploy the resources for the module | string | `true` | no | | event_selector | Specifies an event selector for enabling data event logging, It needs to be a list of map values. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable | list | `` | no | | include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `false` | no | | is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `false` | no | -| is_organization_trail | The trail is an AWS Organizations trail | string | `"false"` | no | +| is_organization_trail | The trail is an AWS Organizations trail | string | `false` | no | | kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `` | no | | name | Name (e.g. `app` or `cluster`) | string | - | yes | | namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes | @@ -125,6 +146,13 @@ Available targets: +## Share the Love + +Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-cloudtrail)! (it helps us **a lot**) + +Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + + ## Related Projects Check out these related projects. 
@@ -141,26 +169,38 @@ Check out these related projects. File a GitHub [issue](https://github.com/cloudposse/terraform-aws-cloudtrail/issues), send us an [email][email] or join our [Slack Community][slack]. +[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] + ## Commercial Support Work directly with our team of DevOps experts via email, slack, and video conferencing. We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. -[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)](mailto:hello@cloudposse.com) +[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)][email] - **Questions.** We'll use a Shared Slack channel between your team and ours. - **Troubleshooting.** We'll help you triage why things aren't working. - **Code Reviews.** We'll review your Pull Requests and provide constructive feedback. - **Bug Fixes.** We'll rapidly work to fix any bugs in our projects. -- **Build New Terraform Modules.** We'll develop original modules to provision infrastructure. +- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure. - **Cloud Architecture.** We'll assist with your cloud strategy and design. - **Implementation.** We'll provide hands-on support to implement our reference architectures. -## Community Forum -Get access to our [Open Source Community Forum][slack] on Slack. It's **FREE** to join for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build *sweet* infrastructure. 
+## Terraform Module Development + +Are you interested in custom Terraform module development? Submit your inquiry using [our form][module_development] today and we'll get back to you ASAP. + + +## Slack Community + +Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. + +## Newsletter + +Signup for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. ## Contributing @@ -170,7 +210,7 @@ Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-cloud ### Developing -If you are interested in being a contributor and want to get involved in developing this project or [help out](https://github.com/orgs/cloudposse/projects/3) with our other projects, we would love to hear from you! Shoot us an [email](mailto:hello@cloudposse.com). +If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email]. In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. @@ -185,7 +225,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2018 [Cloud Posse, LLC](https://cloudposse.com) +Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright) 
@@ -226,26 +266,16 @@ All other trademarks referenced herein are the property of their respective owne ## About -This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know at +This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]! -[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com) +[![Cloud Posse][logo]][website] -We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We love [Open Source Software](https://github.com/cloudposse/)! +We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. -We offer paid support on all of our projects. +We offer [paid support][commercial_support] on all of our projects. -Check out [our other projects][github], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. +Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - [docs]: https://docs.cloudposse.com/ - [website]: https://cloudposse.com/ - [github]: https://github.com/cloudposse/ - [commercial_support]: https://github.com/orgs/cloudposse/projects - [jobs]: https://cloudposse.com/jobs/ - [hire]: https://cloudposse.com/contact/ - [slack]: https://slack.cloudposse.com/ - [linkedin]: https://www.linkedin.com/company/cloudposse - [twitter]: https://twitter.com/cloudposse/ - [email]: mailto:hello@cloudposse.com ### Contributors 
@@ -263,3 +293,36 @@ Check out [our other projects][github], [apply for a job][jobs], or [hire us][hi [Jamie-BitFlight_avatar]: https://github.com/Jamie-BitFlight.png?size=150 + +[![README Footer][readme_footer_img]][readme_footer_link] +[![Beacon][beacon]][website] + + [logo]: https://cloudposse.com/logo-300x69.svg + [docs]: https://cpco.io/docs + [website]: https://cpco.io/homepage + [github]: https://cpco.io/github + [jobs]: https://cpco.io/jobs + [hire]: https://cpco.io/hire + [slack]: https://cpco.io/slack + [linkedin]: https://cpco.io/linkedin + [twitter]: https://cpco.io/twitter + [testimonial]: https://cpco.io/leave-testimonial + [newsletter]: https://cpco.io/newsletter + [email]: https://cpco.io/email + [commercial_support]: https://cpco.io/commercial-support + [we_love_open_source]: https://cpco.io/we-love-open-source + [module_development]: https://cpco.io/module-development + [terraform_modules]: https://cpco.io/terraform-modules + [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/terraform-aws-cloudtrail + [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/terraform-aws-cloudtrail + [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/terraform-aws-cloudtrail + [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/terraform-aws-cloudtrail + [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/terraform-aws-cloudtrail + [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/terraform-aws-cloudtrail + [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-cloudtrail&url=https://github.com/cloudposse/terraform-aws-cloudtrail + [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-cloudtrail&url=https://github.com/cloudposse/terraform-aws-cloudtrail + [share_reddit]: 
https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-cloudtrail + [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-cloudtrail + [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-cloudtrail + [share_email]: mailto:?subject=terraform-aws-cloudtrail&body=https://github.com/cloudposse/terraform-aws-cloudtrail + [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-cloudtrail?pixel&cs=github&cm=readme&an=terraform-aws-cloudtrail diff --git a/docs/terraform.md b/docs/terraform.md index 9aa78ee..f12c572 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,20 +3,21 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | attributes | Additional attributes (e.g. `logs`) | list | `` | no | -| cloud_watch_logs_group_arn | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered | string | `""` | no | -| cloud_watch_logs_role_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group | string | `""` | no | -| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `"-"` | no | -| enable_log_file_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | string | `"true"` | no | -| enable_logging | Enable logging for the trail | string | `"true"` | no | +| cloud_watch_logs_group_arn | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered | string | `` | no | +| cloud_watch_logs_role_arn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group | string | `` | no | +| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | +| enable_log_file_validation | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | string | `true` | no | +| enable_logging | Enable logging for the trail | string | `true` | no | +| enabled | If true, deploy the resources for the module | string | `true` | no | | event_selector | Specifies an event selector for enabling data event logging, It needs to be a list of map values. 
See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable | list | `` | no | -| include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `"false"` | no | -| is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `"false"` | no | -| is_organization_trail | The trail is an AWS Organizations trail | string | `"false"` | no | -| kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `""` | no | -| name | Name (e.g. `app` or `cluster`) | string | n/a | yes | -| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | n/a | yes | -| s3_bucket_name | S3 bucket name for CloudTrail logs | string | n/a | yes | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | n/a | yes | +| include_global_service_events | Specifies whether the trail is publishing events from global services such as IAM to the log files | string | `false` | no | +| is_multi_region_trail | Specifies whether the trail is created in the current region or in all regions | string | `false` | no | +| is_organization_trail | The trail is an AWS Organizations trail | string | `false` | no | +| kms_key_id | Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail | string | `` | no | +| name | Name (e.g. `app` or `cluster`) | string | - | yes | +| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes | +| s3_bucket_name | S3 bucket name for CloudTrail logs | string | - | yes | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | | tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `` | no | ## Outputs From 7f713a03db0a9a11d30b3e233a5435a40459841f Mon Sep 17 00:00:00 2001 
From: christopherriley
Date: Tue, 28 May 2019 21:58:24 -0700
Subject: [PATCH 3/3] fix output variable syntax
---
 outputs.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/outputs.tf b/outputs.tf
index dc578f0..d6921d6 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,14 +1,14 @@
 output "cloudtrail_id" {
- value = "${aws_cloudtrail.default.id}"
+ value = "${join("", aws_cloudtrail.default.*.id)}"
 description = "The name of the trail"
 }
 
 output "cloudtrail_home_region" {
- value = "${aws_cloudtrail.default.home_region}"
+ value = "${join("", aws_cloudtrail.default.*.home_region)}"
 description = "The region in which the trail was created"
 }
 
 output "cloudtrail_arn" {
- value = "${aws_cloudtrail.default.arn}"
+ value = "${join("", aws_cloudtrail.default.*.arn)}"
 description = "The Amazon Resource Name of the trail"
 }
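Review bot: With `join("", aws_cloudtrail.default.*.arn)` and its two siblings, all three outputs become the empty string whenever `enabled` is not `"true"`, and none of the descriptions says so. A caller that passes `cloudtrail_arn` into a policy, alarm or compliance check would receive `""` with no plan-time error, so the absence of a trail can go unnoticed downstream. I would state it in each description, e.g. `description = "The Amazon Resource Name of the trail (empty string when the module is disabled)"`, and likewise for `cloudtrail_id` and `cloudtrail_home_region`.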