thinkstack-co / terraform-modules

Terraform modules
MIT License

Log S3 Bucket Write Events #116

Open jakeasarus opened 2 years ago

jakeasarus commented 2 years ago

As part of a finding in Cloudcheckr I would like to improve modules by logging S3 Write events. We would need to add the following code:

event_selector {
  # Capture both read and write events
  read_write_type           = "All"
  include_management_events = true

  # Object-level (data) events for S3 objects in all buckets
  data_resource {
    type   = "AWS::S3::Object"
    values = ["arn:aws:s3"]
  }
}

It would need to be added to this module, inside of the cited resource.

https://github.com/thinkstack-co/terraform-modules/blob/26f02ac8ba2727ad0327da4999264100b412116f/modules/aws/cloudtrail/main.tf#L5-L13
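One way to confirm that a trail actually captures S3 object write events after a change like the one proposed above, as an added example that is not code from this repository or from the issue author. It assumes the basic event selector JSON shape returned by `aws cloudtrail get-event-selectors` (advanced event selectors are not handled); the function names, trail ARN and bucket names are hypothetical.

```python
import json

# Constructed sample shaped like `aws cloudtrail get-event-selectors` output
# (basic event selectors only); the trail ARN and bucket name are placeholders.
SAMPLE = json.loads("""
{
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/example",
  "EventSelectors": [
    {"ReadWriteType": "ReadOnly", "IncludeManagementEvents": true,
     "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]}]},
    {"ReadWriteType": "All", "IncludeManagementEvents": true,
     "DataResources": [{"Type": "AWS::S3::Object",
                        "Values": ["arn:aws:s3:::example-logs/"]}]}
  ]
}
""")

# Values that select objects in every bucket in the account.
ALL_BUCKETS = {"arn:aws:s3", "arn:aws:s3:::"}


def s3_write_scopes(response):
    """Return the S3 ARN values whose object-level write events are logged."""
    scopes = set()
    for sel in response.get("EventSelectors") or []:
        # A ReadOnly selector never records PutObject/DeleteObject calls.
        if sel.get("ReadWriteType", "All") not in ("All", "WriteOnly"):
            continue
        for res in sel.get("DataResources") or []:
            if res.get("Type") == "AWS::S3::Object":
                scopes.update(res.get("Values") or [])
    return scopes


def bucket_writes_logged(response, bucket):
    """True only if write events for every object in `bucket` are captured.

    Conservative by design: a value limited to a key prefix inside the
    bucket does not count as covering the whole bucket.
    """
    target = f"arn:aws:s3:::{bucket}/"
    return any(s in ALL_BUCKETS or s == target for s in s3_write_scopes(response))


if __name__ == "__main__":
    for name in ("example-logs", "other-bucket"):
        print(name, bucket_writes_logged(SAMPLE, name))
```

In the constructed sample the account-wide selector is `ReadOnly`, so only `example-logs` has its writes logged; the selector proposed in this issue (`"All"` with `arn:aws:s3`) covers every bucket.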

jakeasarus commented 2 years ago

@zachreborn thoughts on this?