Comments (3)
Hey @TheShahin I've created a task for the team to take a look at this.
Internal Jira link: https://lacework.atlassian.net/browse/GROW-1523
from terraform-aws-cloudtrail.
Closed by #120
I think this could easily be fixed by adding the following to main.tf:
data "aws_iam_policy_document" "cloudtrail_log_policy" {
  version = "2012-10-17"

  # Deny every S3 action on the bucket and on its objects, for any principal,
  # when the request does not arrive over TLS (aws:SecureTransport == false).
  statement {
    sid     = "ForceSSLOnlyAccess"
    actions = ["s3:*"]
    effect  = "Deny"
    resources = [
      "arn:aws:s3:::${local.log_bucket_name}",   # bucket-level calls (ListBucket, GetBucketAcl, ...)
      "arn:aws:s3:::${local.log_bucket_name}/*", # object-level calls (PutObject, GetObject, ...)
    ]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "cloudtrail_log_bucket_policy" {
  # Skipped when an existing trail or access-log bucket is reused;
  # otherwise created only when bucket_logs_enabled is true.
  count  = (var.use_existing_cloudtrail || var.use_existing_access_log_bucket) ? 0 : (var.bucket_logs_enabled ? 1 : 0)
  bucket = aws_s3_bucket.cloudtrail_log_bucket[0].id
  policy = data.aws_iam_policy_document.cloudtrail_log_policy.json
}
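A check a practitioner can run against the policy this produces, added here as an example and not code from the module or from the commenters: it parses the rendered bucket-policy JSON (the document `aws s3api get-bucket-policy` returns, and what `data.aws_iam_policy_document` renders) and reports whether some Deny statement really blocks every non-TLS request to both the bucket and its objects. The bucket name and the sample policies are constructed; the common mistakes it catches (deny on objects only, deny narrowed by an extra condition) are ones that leave the bucket reachable over plain HTTP.

```python
"""Audit an S3 bucket policy for an effective 'deny non-TLS access' statement.

Added example, not part of terraform-aws-cloudtrail. Input is the policy JSON
as AWS returns it; the bucket name below is an assumption for the samples.
"""
import json

BUCKET = "example-cloudtrail-logs"  # assumed bucket name, not from the module


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _covers_all_principals(stmt):
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False  # absent, a Service principal, or NotPrincipal: not universal


def _covers_all_actions(stmt):
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return "s3:*" in actions or "*" in actions


def _covers_bucket_and_objects(stmt, bucket):
    resources = set(_as_list(stmt.get("Resource", [])))
    if "*" in resources or "arn:aws:s3:::*" in resources:
        return True
    # Both ARNs are needed: bucket-level calls (ListBucket) do not match ".../*".
    return {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"} <= resources


def _denies_insecure_transport(stmt):
    bool_cond = stmt.get("Condition", {}).get("Bool", {})
    for key, val in bool_cond.items():           # condition keys are case-insensitive
        if key.lower() == "aws:securetransport":
            return any(str(v).lower() == "false" for v in _as_list(val))
    return False


def enforces_tls(policy_json, bucket):
    """True if a Deny statement blocks all non-TLS S3 access to bucket and objects."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if not (_covers_all_principals(stmt) and _covers_all_actions(stmt)
                and _covers_bucket_and_objects(stmt, bucket)
                and _denies_insecure_transport(stmt)):
            continue
        # Any further condition block narrows the deny to a subset of requests.
        if set(stmt.get("Condition", {})) - {"Bool"}:
            continue
        return True
    return False


# Constructed sample: the usual CloudTrail write grant and nothing else.
_WRITE_GRANT = {
    "Sid": "AWSCloudTrailWrite",
    "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/AWSLogs/*",
}
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_WRITE_GRANT]})

# Constructed sample: the grant plus the ForceSSLOnlyAccess deny, as Terraform renders it.
_SSL_DENY = {
    "Sid": "ForceSSLOnlyAccess",
    "Effect": "Deny",
    "Principal": {"AWS": "*"},
    "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_WRITE_GRANT, _SSL_DENY]})

# Constructed mistake 1: deny covers objects only, so ListBucket still works over HTTP.
OBJECTS_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _WRITE_GRANT, {**_SSL_DENY, "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})

# Constructed mistake 2: an extra condition narrows the deny to one principal.
NARROWED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _WRITE_GRANT, {**_SSL_DENY, "Condition": {
        "Bool": {"aws:SecureTransport": "false"},
        "StringEquals": {"aws:PrincipalArn": "arn:aws:iam::123456789012:role/example"}}}]})

if __name__ == "__main__":
    for name, doc in [("weak", WEAK_POLICY), ("fixed", FIXED_POLICY),
                      ("objects-only", OBJECTS_ONLY_POLICY), ("narrowed", NARROWED_POLICY)]:
        print(f"{name:13s} enforces TLS: {enforces_tls(doc, BUCKET)}")
```

Feed it the output of `aws s3api get-bucket-policy --bucket <name> --query Policy --output text` after `terraform apply` to confirm the rendered policy, not just the HCL, has the deny in force.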
Related Issues (20)
- feat: Allow to filter SNS messages HOT 1
- feat: bucket_logs_enabled logs never expire
- bug: Integrate Existing Consolidated CloudTrail - terraform rerun deletes manually attached SNS topic HOT 2
- bug: support AWS provider v5.0
- TF modules pinning notes HOT 7
- Support for enable_log_file_validation
- feat: Lacework CloudTrail should send logs to CloudWatch HOT 1
- bug: [Action Required] S3 changes to bucket authorization are coming in October 2023 HOT 4
- Dependency conflicts with terraform-aws-cloudtrail
- How to implement this: .... HOT 1
- Outputs reference variables instead of resources created by this module HOT 2
- Support passing tags to S3 bucket HOT 1
- feat: Support s3 notifiers for syndicating cloudtrail to sns
- feat: Use existing S3 bucket for access logging HOT 1
- feat: add a required_providers version constraint HOT 1
- bug: support aws provider version ~> 4.0
- feat: Creating a trail for an organization HOT 2
- feat: Using a custom KMS CMK HOT 7
- bug: Error when using use_existing_access_log_bucket = true HOT 3