feat: support providing a cloudtrail from a different account

[piotrb]

This is a tiny tweak which allows passing in the arn of the cloudtrail in a different account, and it will allow that cloudtrail to publish into the sns topic.

Summary

We have a particular use case:

• we use Datadog
• we have the cloudtrail set up in the org management account
• but its logging to a S3 bucket in a separate security account as per AWS WAR guidelines.
• We can't use the S3 notification option because Datadog is using that avenue, so we wanted to use the SNS option on the cloudtrail itself.

We've been working with Clayton Sopel on your side to come up with a solution to make this work and it proved to be a very small change to the SNS topic policy, but given how this module is created, it didn't give us a nice way to slip this tweak in.

How did you test this change?

Switched the module reference in our environment to this fork and it worked.

[dmurray-lacework]

Make it so!

(this comment triggers tests)

[dmurray-lacework]

Approved this change. But before we merge can you add an example of the scenario to examples/ folder and run the docs tool to update the Readme
https://terraform-docs.io/
terraform-docs markdown .

[piotrb]

I added examples .. the diff on the module doc is quite large .. feels like its not been run in a little while .. so I added just the one line of diff adding the new variable :)

You may want to include a .terraform-docs.yml and support in-place updating of the docs (instead of asking people to paste the new docs from the command output :) )

[piotrb]

Ok fine .. see last commit .. I added a running script, the terraform-docs config, and the fully updated readme :)

[afiune]

Suggested change

	source = "lacework/cloudtrail/aws"
	version = "~> 2.8"
	source = "../../"

[afiune]

We refer to the module locally instead of the registry ☝🏽

[piotrb]

done

[afiune]

Make it so 🎉

[afiune]

Nice addition! I am going to ask my team to deploy this script in all our Terraform modules and also, add a new Makefile directive to run it.

[afiune]

Please, look at this feedback and apply the diff in your PR, then we will merge and release!

#147

Note that I had to rebase from main since we had some CI changes, that is probably why PR passes CI. 🍏

[afiune]

@piotrb Your work inspired us to adopt it in all our Terraform Modules! 🎉 Thank you.

We really don't want to let this PR fall behind, any chance you can take some time to
update it so we can merge and release it?

[piotrb]

Alright, I rebased again :) .. applied the one tweak to the example. Was there anything else?

[PengyuanZhao]

@piotrb thanks for the changes. We will be working on getting this merged.

[PengyuanZhao]

@piotrb This PR is not mergable due to the unsigned commits. We can use #147 instead. Could you double check and verify the changes? We can get #147 merged if it's good.

[zekisherif]

Merged #147 . Closing this out