cloudtrail-s3-bucket
cloudposse/cloudtrail-s3-bucket/aws
S3 bucket with built-in IAM policy to allow CloudTrail logs

Terraform module to provision an S3 bucket with a built-in policy to allow CloudTrail logs. This is useful if an organization uses a number of separate AWS accounts to isolate the Audit environment from other environments (production, staging, development). In this case, you create CloudTrail in the production environment (Production AWS account), while the S3 bucket to store the CloudTrail logs is created in the Audit AWS account, restricting access to the logs to only the users/groups from the Audit account.

The module supports the following:

1. Forced server-side encryption at rest for the S3 bucket
2. S3 bucket versioning to easily recover from both unintended user actions and application failures
3. S3 bucket is protected from deletion if it's not empty (force_destroy set to false)
4. S

| Name | Type | Description | Default |
|---|---|---|---|
| sse_algorithm | string | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | "AES256" |
| kms_master_key_arn | string | The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be use | "" |
| standard_transition_days | number | Number of days to persist in the standard storage tier before moving to the infr | 30 |
| access_log_bucket_name | string | Name of the S3 bucket where S3 access logs will be sent | "" |
| bucket_notifications_type | string | Type of the notification configuration. Only SQS is supported. | "SQS" |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| noncurrent_version_transition_days | number | Specifies when noncurrent object versions transition | 30 |
| block_public_acls | bool | Set to `false` to disable the blocking of new public access lists on the bucket | true |
| restrict_public_buckets | bool | Set to `false` to disable the restricting of making the bucket public | true |
| allow_ssl_requests_only | bool | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This w | true |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| acl | string | The canned ACL to apply. We recommend log-delivery-write for compatibility with | "log-delivery-write" |
| ignore_public_acls | bool | Set to `false` to disable the ignoring of public access lists on the bucket | true |
| object_lock_configuration | object({ mode = string # | A configuration for S3 object locking. With S3 Object Lock, you can store object | null |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| lifecycle_prefix | string | Prefix filter. Used to manage object lifecycle events | "" |
| … and 5 more inputs | | | |

bucket_domain_name — FQDN of bucket
bucket_id — Bucket ID
bucket_arn — Bucket ARN
prefix — Prefix configured for lifecycle rules
bucket_notifications_sqs_queue_arn — Notifications SQS queue ARN