add templates

templates/horizon_init_stack.yaml

@@ -18,7 +18,6 @@ Metadata:
           - StackSetAdminRole
           - StackSetExecRole
           - CreateOrgTrail
-          - TrailName
       - Label:
           default: AWS S3 Bucket 
         Parameters:
@@ -51,8 +50,6 @@ Metadata:
         default: StackSet Administration Role
       CreateOrgTrail:
         default: Create Optional Organization CloudTrail
-      TrailName:
-        default: Name of Optional Organization CloudTrail
       pOrganizationId:
         default: (Optional) AWS Organization ID
 
@@ -115,9 +112,6 @@ Parameters:
       - 'true'
       - 'false'
     Default: 'false'
-  TrailName:
-    Type: String
-    Default: "crowdstrike-horizon-trail"
   pOrganizationId:
     AllowedPattern: '^$|^o-[a-z0-9]{10,32}$'
     ConstraintDescription: Must start with 'o-' followed by from 10 to 32 lowercase letters or digits. (e.g. o-abc1234567)
@@ -141,54 +135,14 @@ Mappings:
       CSRoleName: "CrowdStrikeCSPMConnector"
 
 Resources:  
-  # Create trail, bucket, and bucket policy to enable EB event collection
-  TrailBucket:
-    Condition: CreateTrail
-    Type: AWS::S3::Bucket
-    DeletionPolicy: Delete
-    Properties:
-      AccessControl: Private
-  Trail:
+  CloudTrailStack:
+    Type: 'AWS::CloudFormation::Stack'
     Condition: CreateTrail
-    Type: AWS::CloudTrail::Trail
-    DependsOn: BucketPolicy
     Properties:
-      S3BucketName: !Ref TrailBucket
-      IsLogging: true
-      TrailName: !Sub ${TrailName}
-      IncludeGlobalServiceEvents: true
-      IsMultiRegionTrail: true
-      IsOrganizationTrail: true
-      S3KeyPrefix: cloudtrail-logs
-      EventSelectors:
-        - IncludeManagementEvents: true
-  BucketPolicy:  
-    Condition: CreateTrail
-    Type: AWS::S3::BucketPolicy
-    Properties: 
-      Bucket: !Ref TrailBucket
-      PolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-        - Sid: AWSCloudTrailAclCheck20150319
-          Effect: Allow
-          Principal:
-            Service: cloudtrail.amazonaws.com
-          Action: s3:GetBucketAcl
-          Resource: !Sub arn:aws:s3:::${TrailBucket}
-          Condition:
-            StringEquals:
-              AWS:SourceArn: !Sub arn:aws:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/${TrailName}
-        - Sid: AWSCloudTrailWrite20150319
-          Effect: Allow
-          Principal:
-            Service: cloudtrail.amazonaws.com
-          Action: s3:PutObject
-          Resource: !Sub arn:aws:s3:::${TrailBucket}/*
-          Condition:
-            StringEquals:
-              s3:x-amz-acl: bucket-owner-full-control
-              AWS:SourceArn: !Sub arn:aws:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/${TrailName}
+      TemplateURL: !Sub https://${SourceS3BucketName}.s3.${S3BucketRegion}.${AWS::URLSuffix}/${StagingS3KeyPrefix}/submodules/cfn-abi-aws-cloudtrail/templates/sra-cloudtrail-enable-in-org-ssm.yaml
+      Parameters:
+        pSRAS3BucketRegion: !Ref S3BucketRegion
+        pEnableDataEventsOnly: false
 
 # Create CSPM Role and StackSet
   CrowdStrikeCSPMRole: