Coalfire-CF / terraform-aws-account-setup

Coalfire AWS Account Setup Terraform Module
https://coalfire.com/opensource
MIT License

Cloudtrail & s3 fedrampdocs bucket #22

Closed az-kennedy closed 7 months ago

az-kennedy commented 7 months ago
github-actions[bot] commented 7 months ago

🌟 No Terraform files were modified in this PR or all modified Terraform files passed the Checkov checks. Good job! 🌟


az-kennedy commented 7 months ago

Pushed some code changes, everything is working correctly


github-actions[bot] commented 7 months ago

Checkov Scan Results 📖:

| File | Check ID | Description | Resource | Checkov Result |
|------|----------|-------------|----------|----------------|
| /cloudtrail.tf | CKV_AWS_338 | Ensure CloudWatch log groups retains logs for at least 1 year | aws_cloudwatch_log_group.cloudtrail_log_group | FAILED |
| /cloudtrail.tf | CKV_AWS_252 | Ensure CloudTrail defines an SNS Topic | aws_cloudtrail.all_cloudtrail | FAILED |

Please review the above report. ⚠️
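For readers who want to see what the two findings above look like in Terraform, here is an added example (not code from this module or this PR) showing a constructed weak form of each resource beside a form that satisfies the check. Resource names, the bucket and IAM role references, and all literal values are assumed.

```hcl
# Added example, not from terraform-aws-account-setup. Names and values
# are constructed; referenced bucket and IAM role resources are assumed.

# CKV_AWS_338 flags a log group whose retention is shorter than one year.
resource "aws_cloudwatch_log_group" "cloudtrail_log_group_weak" {
  name              = "/aws/cloudtrail/example-weak" # constructed
  retention_in_days = 90                             # fails: below 365 days
}

resource "aws_cloudwatch_log_group" "cloudtrail_log_group" {
  name              = "/aws/cloudtrail/example" # constructed
  retention_in_days = 365                       # passes: one full year
}

# CKV_AWS_252 looks for sns_topic_name on the trail; it fails when the
# attribute is absent. One way to satisfy it is a dedicated topic that
# receives log-file delivery notifications.
resource "aws_sns_topic" "cloudtrail_delivery" {
  name = "cloudtrail-log-delivery" # constructed
}

resource "aws_cloudtrail" "all_cloudtrail" {
  name                          = "all-cloudtrail"                 # constructed
  s3_bucket_name                = aws_s3_bucket.cloudtrail.id      # assumed bucket
  sns_topic_name                = aws_sns_topic.cloudtrail_delivery.arn
  is_multi_region_trail         = true
  enable_log_file_validation    = true
  # Trail events are also streamed to the log group defined above.
  cloud_watch_logs_group_arn    = "${aws_cloudwatch_log_group.cloudtrail_log_group.arn}:*"
  cloud_watch_logs_role_arn     = aws_iam_role.cloudtrail_to_cw.arn # assumed role
}
```

If SNS delivery notifications are deliberately not used, Checkov also accepts an inline `#checkov:skip=CKV_AWS_252:<reason>` comment placed inside the `aws_cloudtrail` block, which records the justification in the code rather than leaving the finding to resurface on every push.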


az-kennedy commented 7 months ago

Removed legacy code which used SQS and SNS for log ingestion. @kourosh-forti-hands, this should be AOK to review

kourosh-forti-hands commented 7 months ago

Revert PR because it goes against AWS best practices and is doing redundant AWS CloudWatch logging to an S3 bucket and a CloudWatch log group. It's creating SNS keys? We don't use SNS for logging, so no clue the logic behind that.