Describe the Feature Request
The CloudTrail created by this Terraform module should support setting up a proper logging integration with CloudWatch.
Is your feature request related to a problem? Please describe
The created CloudTrail is non-compliant with CIS Benchmarks and is listed as a Medium severity in Lacework's generated reports for compliance with AWS ISO 27001:2013 and AWS ISO/IEC 27002:2022.
Describe Preferred Solution
The module creates resources that by default are compliant with CIS Benchmarks.
Add input variables cloudwatch_logs_encryption_enabled, cloudwatch_logs_encryption_key_arn, and cloudwatch_logs_iam_role_arn, and set them in the aws_cloudtrail resource. If no IAM role ARN is provided then one should be created by the module.
Additional Context
I think the changes needed are the following:
variables.tf:
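# Whether the CloudWatch log group receiving CloudTrail events is encrypted.
variable "cloudwatch_logs_encryption_enabled" {
  type    = bool
  default = true
}

# ARN of the KMS key used for that encryption.
variable "cloudwatch_logs_encryption_key_arn" {
  type    = string
  default = ""
}

# IAM role CloudTrail assumes to write to CloudWatch; empty means the module creates one.
variable "cloudwatch_logs_iam_role_arn" {
  type    = string
  default = ""
}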
The non-compliance in question is lacework-global-55.
main.tf:
Please note that this code has not been properly tested. I've simply adjusted Terraform configurations that I've found elsewhere.
Thanks!
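
One way the requested wiring could look in Terraform, as an added sketch that is not the issue author's main.tf and not the module's own code. The three input variables are the ones proposed above; the resource names, the trail and log group names, the retention value and `var.bucket_name` are placeholders assumed for illustration.

```hcl
locals {
  # Create a role only when the caller did not supply one.
  create_cw_role = var.cloudwatch_logs_iam_role_arn == ""
  cw_role_arn    = local.create_cw_role ? aws_iam_role.cloudtrail_cw[0].arn : var.cloudwatch_logs_iam_role_arn
  # Use the customer-managed key only when encryption is enabled and a key ARN is given.
  use_cmk = var.cloudwatch_logs_encryption_enabled && var.cloudwatch_logs_encryption_key_arn != ""
}

resource "aws_cloudwatch_log_group" "cloudtrail" {
  name              = "example-cloudtrail-logs" # placeholder
  retention_in_days = 365                       # placeholder
  kms_key_id        = local.use_cmk ? var.cloudwatch_logs_encryption_key_arn : null
}

resource "aws_iam_role" "cloudtrail_cw" {
  count = local.create_cw_role ? 1 : 0
  name  = "example-cloudtrail-cloudwatch" # placeholder
  # Only the CloudTrail service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "cloudtrail.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy" "cloudtrail_cw" {
  count = local.create_cw_role ? 1 : 0
  name  = "cloudtrail-to-cloudwatch" # placeholder
  role  = aws_iam_role.cloudtrail_cw[0].id
  # Least privilege: write log streams and events in this one log group only.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
      Resource = "${aws_cloudwatch_log_group.cloudtrail.arn}:*"
    }]
  })
}

resource "aws_cloudtrail" "example" {
  name                       = "example-trail" # placeholder
  s3_bucket_name             = var.bucket_name # hypothetical existing input
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.cloudtrail.arn}:*"
  cloud_watch_logs_role_arn  = local.cw_role_arn
  depends_on                 = [aws_iam_role_policy.cloudtrail_cw]
}
```

When a customer-managed key is supplied, its key policy must also allow the regional CloudWatch Logs service principal to use it, otherwise creation of the log group fails.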