jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-03-14 04:01:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
551eedcf2616376b00d7da170b09f682bbfa3445
opentf/website/source/docs/providers/aws/r/cloudtrail.html.markdown
Max Riveiro 137fcfb5de Massively add HCL source tag in docs Markdown files 
Signed-off-by: Max Riveiro <kavu13@gmail.com>
2017-04-17 13:17:54 +03:00

101 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
layout: "aws"
page_title: "AWS: cloudtrail"
sidebar_current: "docs-aws-resource-cloudtrail"
description: |-
Provides a CloudTrail resource.
---
# aws\_cloudtrail
Provides a CloudTrail resource.
## Example Usage
```hcl
resource "aws_cloudtrail" "foobar" {
name = "tf-trail-foobar"
s3_bucket_name = "${aws_s3_bucket.foo.id}"
s3_key_prefix = "prefix"
include_global_service_events = false
}
resource "aws_s3_bucket" "foo" {
bucket = "tf-test-trail"
force_destroy = true
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::tf-test-trail"
},
{
"Sid": "AWSCloudTrailWrite",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::tf-test-trail/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
POLICY
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) Specifies the name of the trail.
* `s3_bucket_name` - (Required) Specifies the name of the S3 bucket designated for publishing log files.
* `s3_key_prefix` - (Optional) Specifies the S3 key prefix that precedes
the name of the bucket you have designated for log file delivery.
* `cloud_watch_logs_role_arn` - (Optional) Specifies the role for the CloudWatch Logs
endpoint to assume to write to a users log group.
* `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN),
that represents the log group to which CloudTrail logs will be delivered.
* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `true`.
Setting this to `false` will pause logging.
* `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
from global services such as IAM to the log files. Defaults to `true`.
* `is_multi_region_trail` - (Optional) Specifies whether the trail is created in the current
region or in all regions. Defaults to `false`.
* `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic
defined for notification of log file delivery.
* `enable_log_file_validation` - (Optional) Specifies whether log file integrity validation is enabled.
Defaults to `false`.
* `kms_key_id` - (Optional) Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
* `tags` - (Optional) A mapping of tags to assign to the trail
## Attribute Reference
The following attributes are exported:
* `id` - The name of the trail.
* `home_region` - The region in which the trail was created.
* `arn` - The Amazon Resource Name of the trail.
## Import
Cloudtrails can be imported using the `name`, e.g.
```
$ terraform import aws_cloudtrail.sample my-sample-trail
```
Reference in New Issue View Git Blame Copy Permalink