| aws_account_id |
The AWS Account ID number of the account. |
string |
n/a |
yes |
| cloudtrail_name |
The name of the trail. |
string |
"cloudtrail-multi-region" |
no |
| cloudtrail_sns_topic_name |
The sns topic linked to the cloudtrail |
string |
"cloudtrail-multi-region-sns-topic" |
no |
| cloudwatch_logs_group_name |
The name of CloudWatch Logs group to which CloudTrail events are delivered. |
string |
"cloudtrail-multi-region" |
no |
| cloudwatch_logs_retention_in_days |
Number of days to retain logs for. CIS recommends 365 days. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. Set to 0 to keep logs indefinitely. |
string |
"365" |
no |
| enabled |
The boolean flag whether this module is enabled or not. No resources are created when set to false. |
string |
"true" |
no |
| iam_role_name |
The name of the IAM Role to be used by CloudTrail to delivery logs to CloudWatch Logs group. |
string |
"CloudTrail-CloudWatch-Delivery-Role" |
no |
| iam_role_policy_name |
The name of the IAM Role Policy to be used by CloudTrail to delivery logs to CloudWatch Logs group. |
string |
"CloudTrail-CloudWatch-Delivery-Policy" |
no |
| is_organization_trail |
Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. |
string |
"false" |
no |
| key_deletion_window_in_days |
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. |
string |
"10" |
no |
| region |
The AWS region in which CloudTrail is set up. |
string |
n/a |
yes |
| s3_bucket_name |
The name of the S3 bucket which will store configuration snapshots. |
string |
n/a |
yes |
| s3_key_prefix |
The prefix for the specified S3 bucket. |
string |
"" |
no |
| tags |
Specifies object tags key and value. This applies to all resources created by this module. |
map |
{ "Terraform": true } |
no |