
initial commit

xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,64 @@
data "aws_iam_policy_document" "cloudtrail_bucket_policy" {
statement {
sid = "AWSCloudTrailAclCheck"
principals {
type = "Service"
identifiers = ["cloudtrail.amazonaws.com"]
}
actions = [
"s3:GetBucketAcl",
]
resources = [
"arn:aws:s3:::${local.ct-bucket-name}",
]
}
statement {
sid = "AWSCloudTrailWrite"
principals {
type = "Service"
identifiers = ["config.amazonaws.com", "cloudtrail.amazonaws.com"]
}
actions = [
"s3:PutObject"
]
resources = [
"arn:aws:s3:::${local.ct-bucket-name}/*"
]
}
statement {
sid = "ReadAccessForAccountOwner"
principals {
type = "AWS"
identifiers = [data.aws_caller_identity.this.account_id]
}
actions = [
"s3:Get*"
]
resources = [
"arn:aws:s3:::${local.ct-bucket-name}",
"arn:aws:s3:::${local.ct-bucket-name}/*"
]
}
}
module ct-bucket {
source = "../../storage/infra-s3-bucket"
bucket-name = local.ct-bucket-name
bucket-policy-json = data.aws_iam_policy_document.cloudtrail_bucket_policy.json
default-tags = var.default-tags
}
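Review bot: The `AWSCloudTrailWrite` statement grants `s3:PutObject` on every key to the `cloudtrail.amazonaws.com` and `config.amazonaws.com` service principals with no `condition` block, and those principals are shared by every AWS account, so nothing in the policy ties delivery to this account's trail or recorder. AWS's documented bucket policies for both services restrict the source (`aws:SourceArn` or `aws:SourceAccount`) and require the `s3:x-amz-acl` header to be `bucket-owner-full-control`; the same source restriction belongs on `AWSCloudTrailAclCheck`. The fence below shows the two conditions for the write statement; if the bucket receives an organization trail, the source value has to be the account that owns the trail, which these lines do not show. The hunk header declares 64 lines and fewer appear here, so confirm that nothing further down already constrains this.

```hcl
  statement {
    sid = "AWSCloudTrailWrite"
    # … unchanged: principals, actions, resources …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.this.account_id]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
```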