Browse the Repo
Browse the Repo
Run AWS CloudTrail to maintain an audit log of all API calls in your AWS account and write the logs to an S3 bucket, encrypted with KMS.
This Terraform Module configures AWS CloudTrail, a service for logging every API call made against your AWS account.
Enable CloudTrail in your AWS account.
Create an S3 bucket to store all CloudTrail events.
Create a KMS master key to encrypt all CloudTrail events.
Configure how long to retain CloudTrail log data and how to guarantee CloudTrail log integrity.
|This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!|
If you just want to try this repo out for experimenting and learning, check out the following resources:
examples/cloudtrail folder contains sample code optimized for
learning, experimenting, and testing (but not production usage).
If you want to deploy this repo in production, check out the following resources:
How to configure a production-grade AWS account structure: This guide will walk you through the process of configuring a production-grade AWS account structure, including how to manage multiple environments, users, permissions, audit logging via CloudTrail, and more.
cloudtrail module in the Acme example Reference Architecture: Production-ready sample code from the Acme Reference Architecture examples.
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you’re not sure, feel free to email us at email@example.com.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
Please see Contributing to the Gruntwork Infrastructure as Code Library for instructions.
We're here to talk about our services, answer any questions, give advice, or just to chat.