Overview
This module performs the following tasks:
- Create KMS key for cloudtrail and CWL encryption
- Create s3 bucket for cloudtrail use
- Create cloudtrail
- Create cloudwatch log group for cloudtrail
- Create cloudwatch metric filter for CIS1.1
- Create cloudwatch alarm for CIS1.1
Inputs:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| application | name of application | string | none | yes |
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
| customer-name | owner of aws resources | string | none | yes |
| project | name of project | string | none | yes |
| default-tags | tags to be added to resources | list | none | yes |
| cloudtrail-retain-days | Days before cloudtrail logs are expired on s3 | number | 90 | yes |
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |