github.com/adrian-bl/terraform@v0.7.0-rc2.0.20160705220747-de0a34fc3517/website/source/docs/providers/aws/r/cloudtrail.html.markdown

---
layout: "aws"
page_title: "AWS: cloudtrail"
sidebar_current: "docs-aws-resource-cloudtrail"
description: |-
  Provides a CloudTrail resource.
---

# aws\_cloudtrail

Provides a CloudTrail resource.

## Example Usage
```
# Trail that delivers its log files to the bucket defined below.
resource "aws_cloudtrail" "foobar" {
    name = "tf-trail-foobar"
    s3_bucket_name = "${aws_s3_bucket.foo.id}"
    s3_key_prefix = "/prefix"
    include_global_service_events = false
}

# The bucket policy lets the CloudTrail service read the bucket ACL and
# write log objects with the bucket-owner-full-control ACL.
resource "aws_s3_bucket" "foo" {
    bucket = "tf-test-trail"
    force_destroy = true
    policy = <<POLICY
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
            "Principal": {
              "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-test-trail"
        },
        {
            "Sid": "AWSCloudTrailWrite",
            "Effect": "Allow",
            "Principal": {
              "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-test-trail/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
POLICY
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) Specifies the name of the trail.
* `s3_bucket_name` - (Required) Specifies the name of the S3 bucket designated for publishing log files.
* `s3_key_prefix` - (Optional) Specifies the S3 key prefix that precedes
    the name of the bucket you have designated for log file delivery.
* `cloud_watch_logs_role_arn` - (Optional) Specifies the role for the CloudWatch Logs
    endpoint to assume to write to a user’s log group.
* `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN),
    that represents the log group to which CloudTrail logs will be delivered.
* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `true`.
    Setting this to `false` will pause logging.
* `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
    from global services such as IAM to the log files. Defaults to `true`.
* `is_multi_region_trail` - (Optional) Specifies whether the trail is created in the current
    region or in all regions. Defaults to `false`.
* `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic
    defined for notification of log file delivery.
* `enable_log_file_validation` - (Optional) Specifies whether log file integrity validation is enabled.
    Defaults to `false`.
* `kms_key_id` - (Optional) Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail.
* `tags` - (Optional) A mapping of tags to assign to the trail.

## Attribute Reference

The following attributes are exported:

* `id` - The name of the trail.
* `home_region` - The region in which the trail was created.
* `arn` - The Amazon Resource Name of the trail.
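
## Example: overriding the security-relevant defaults

This is an added example, not part of the original Terraform documentation. It shows a trail that overrides the defaults listed under Argument Reference that weaken an audit trail (single region, no log file validation, no KMS encryption). The resource name `hardened`, the trail name, the tag values and every `var.*` input are assumed placeholders.

```hcl
# Inputs are placeholders (assumptions); supply your own values.
variable "trail_bucket_name" {}        # bucket carrying the policy from Example Usage
variable "cloudtrail_kms_key_id" {}    # key whose policy allows CloudTrail to use it
variable "cloudtrail_log_group_arn" {} # CloudWatch Logs group receiving events
variable "cloudtrail_cwl_role_arn" {}  # role CloudTrail assumes to write to that group

resource "aws_cloudtrail" "hardened" {
    name = "tf-trail-hardened"
    s3_bucket_name = "${var.trail_bucket_name}"

    # Default is false: only the current region is recorded, so API
    # activity in any other region leaves no trace in this trail.
    is_multi_region_trail = true

    # Default is true. Example Usage sets it to false, which drops events
    # from global services such as IAM.
    include_global_service_events = true

    # Default is false: without validation, a modified or deleted log file
    # in the bucket cannot be detected afterwards.
    enable_log_file_validation = true

    # Default is true; stated explicitly so a later change to false
    # (which pauses logging) shows up in plan output and code review.
    enable_logging = true

    # Optional: encrypt delivered log files with a customer-managed key.
    kms_key_id = "${var.cloudtrail_kms_key_id}"

    # Optional: also deliver events to CloudWatch Logs, so alerting does
    # not depend on reading objects back out of the S3 bucket.
    cloud_watch_logs_group_arn = "${var.cloudtrail_log_group_arn}"
    cloud_watch_logs_role_arn = "${var.cloudtrail_cwl_role_arn}"

    tags {
        Purpose = "audit"
    }
}
```

The bucket named by `trail_bucket_name` still needs the `AWSCloudTrailAclCheck` and `AWSCloudTrailWrite` policy statements from Example Usage, with the `Resource` ARNs adjusted to that bucket.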