Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: CloudTrail Object-level logging #119

Merged
merged 3 commits into from
Apr 25, 2023
Merged

feat: CloudTrail Object-level logging #119

merged 3 commits into from
Apr 25, 2023

Conversation

TIYZAP
Copy link
Contributor

@TIYZAP TIYZAP commented Apr 17, 2023
edited
Loading

Summary

Currently the terraform-aws-cloudtrail module does not contain support for Object-level logging, specifically the ability to add an event_selector in order to enable said logging.

This need for this functionality originated from the following policies;

  • lacework-global-80 (Ensure that Object-level logging for write events is enabled for S3 buckets)

  • lacework-global-81 (Ensure that Object-level logging for read events is enabled for S3 buckets)

  • Added a dynamic block which can be enabled / disabled based on an associated variable.

  • Added a additional variable

How did you test this change?

Swapped the source to my local path and ran a terraform init against one of our environments. Modules initialized cleanly.

Issue

N/A

@dmurray-lacework
Copy link
Collaborator

make it so! (comment trigger for tests)

@TIYZAP
Copy link
Contributor Author

TIYZAP commented Apr 24, 2023

@dmurray-lacework Any chance we could get some eyes on this for review?

dmurray-lacework
dmurray-lacework reviewed Apr 24, 2023
View reviewed changes
Copy link
Collaborator

@dmurray-lacework dmurray-lacework left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to update the Readme docs with terraform-docs markdown
https://github.com/terraform-docs/terraform-docs/

We also require a new example in examples/ directory with the enable_cloudtrail_s3_management_events field being used.

The ci_tests.sh needs updated with the new example in the TEST_CASES block.

@TIYZAP TIYZAP requested a review from dmurray-lacework April 24, 2023 18:53
@afiune
Copy link
Contributor

afiune commented Apr 24, 2023

@TIYZAP Nicely done! 🎉 CI: make it so...

@dmurray-lacework dmurray-lacework merged commit 37c6bc1 into lacework:main Apr 25, 2023
@dmurray-lacework dmurray-lacework changed the title CloudTrail: Object-level logging feat: CloudTrail Object-level logging Apr 25, 2023
@TIYZAP
Copy link
Contributor Author

TIYZAP commented Apr 25, 2023

@dmurray-lacework @afiune What's the ETA on a new release being created in order for this addition to be utilized?

@dmurray-lacework dmurray-lacework mentioned this pull request Apr 25, 2023
Merged
@afiune
Copy link
Contributor

afiune commented Apr 27, 2023

@TIYZAP it has been released!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmurray-lacework dmurray-lacework dmurray-lacework approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TIYZAP @dmurray-lacework @afiune