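package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/cloudtrail"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsCloudTrail returns the schema and CRUD callbacks for the
// aws_cloudtrail resource. "name" is ForceNew (a trail is identified by its
// name); every other attribute is updated in place through UpdateTrail or,
// for enable_logging, through StartLogging/StopLogging.
func resourceAwsCloudTrail() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsCloudTrailCreate,
		Read:   resourceAwsCloudTrailRead,
		Update: resourceAwsCloudTrailUpdate,
		Delete: resourceAwsCloudTrailDelete,

		Schema: map[string]*schema.Schema{
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			// Defaults to true so a bare resource block produces a trail that
			// is actually recording; Read refreshes this from GetTrailStatus,
			// so logging stopped outside Terraform shows up as drift.
			"enable_logging": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			"s3_bucket_name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"s3_key_prefix": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"cloud_watch_logs_role_arn": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"cloud_watch_logs_group_arn": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"include_global_service_events": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			"sns_topic_name": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
		},
	}
}

// cloudTrailOptionalString returns the attribute as a *string when it is set
// in the configuration and nil otherwise, so an unset attribute is omitted
// from the API request instead of being sent as an empty string.
func cloudTrailOptionalString(d *schema.ResourceData, key string) *string {
	if v, ok := d.GetOk(key); ok {
		return aws.String(v.(string))
	}
	return nil
}

// resourceAwsCloudTrailCreate creates the trail and, when enable_logging is
// true, starts logging on it. A newly created trail has logging stopped, so
// the StartLogging call is what makes the trail record events; the function
// finishes by reading the trail back so state reflects what AWS stored.
func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudtrailconn

	input := cloudtrail.CreateTrailInput{
		Name:         aws.String(d.Get("name").(string)),
		S3BucketName: aws.String(d.Get("s3_bucket_name").(string)),
		// Read with Get, not GetOk: the attribute defaults to true and GetOk
		// reports ok=false for an explicit false, which would silently drop a
		// user's opt-out from the create request.
		IncludeGlobalServiceEvents: aws.Bool(d.Get("include_global_service_events").(bool)),
		CloudWatchLogsLogGroupArn:  cloudTrailOptionalString(d, "cloud_watch_logs_group_arn"),
		CloudWatchLogsRoleArn:      cloudTrailOptionalString(d, "cloud_watch_logs_role_arn"),
		S3KeyPrefix:                cloudTrailOptionalString(d, "s3_key_prefix"),
		SnsTopicName:               cloudTrailOptionalString(d, "sns_topic_name"),
	}

	t, err := conn.CreateTrail(&input)
	if err != nil {
		return fmt.Errorf("Error creating CloudTrail (%s): %s", aws.StringValue(input.Name), err)
	}

	log.Printf("[DEBUG] CloudTrail created: %s", t)

	d.SetId(*t.Name)

	// AWS CloudTrail sets newly-created trails to not logging; only an
	// explicit (or defaulted) true needs an API call here.
	if d.Get("enable_logging").(bool) {
		if err := cloudTrailSetLogging(conn, true, d.Id()); err != nil {
			return err
		}
	}

	return resourceAwsCloudTrailRead(d, meta)
}

// resourceAwsCloudTrailRead refreshes every attribute from DescribeTrails and
// the logging flag from GetTrailStatus. A trail that no longer exists is
// removed from state (empty ID) rather than reported as an error, so the next
// apply recreates it instead of failing the refresh.
func resourceAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudtrailconn

	name := d.Get("name").(string)
	input := cloudtrail.DescribeTrailsInput{
		TrailNameList: []*string{aws.String(name)},
	}
	resp, err := conn.DescribeTrails(&input)
	if err != nil {
		return fmt.Errorf("Error describing CloudTrail (%s): %s", name, err)
	}
	// An unknown trail name comes back as an empty TrailList rather than an
	// API error; treat it as deleted outside Terraform.
	if len(resp.TrailList) == 0 {
		log.Printf("[WARN] CloudTrail (%s) not found, removing from state", name)
		d.SetId("")
		return nil
	}

	trail := resp.TrailList[0]
	log.Printf("[DEBUG] CloudTrail received: %s", trail)

	d.Set("name", trail.Name)
	d.Set("s3_bucket_name", trail.S3BucketName)
	d.Set("s3_key_prefix", trail.S3KeyPrefix)
	d.Set("cloud_watch_logs_role_arn", trail.CloudWatchLogsRoleArn)
	d.Set("cloud_watch_logs_group_arn", trail.CloudWatchLogsLogGroupArn)
	d.Set("include_global_service_events", trail.IncludeGlobalServiceEvents)
	d.Set("sns_topic_name", trail.SnsTopicName)

	// The logging flag is not part of DescribeTrails; fetch it separately so
	// a trail stopped out of band is surfaced as a diff on the next plan.
	logstatus, err := cloudTrailGetLoggingStatus(conn, trail.Name)
	if err != nil {
		return err
	}
	d.Set("enable_logging", logstatus)

	return nil
}

// resourceAwsCloudTrailUpdate sends only the changed attributes through
// UpdateTrail, then toggles logging if enable_logging changed, and finally
// re-reads the trail.
func resourceAwsCloudTrailUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudtrailconn

	input := cloudtrail.UpdateTrailInput{
		Name: aws.String(d.Get("name").(string)),
	}

	if d.HasChange("s3_bucket_name") {
		input.S3BucketName = aws.String(d.Get("s3_bucket_name").(string))
	}
	if d.HasChange("s3_key_prefix") {
		input.S3KeyPrefix = aws.String(d.Get("s3_key_prefix").(string))
	}
	if d.HasChange("cloud_watch_logs_role_arn") {
		input.CloudWatchLogsRoleArn = aws.String(d.Get("cloud_watch_logs_role_arn").(string))
	}
	if d.HasChange("cloud_watch_logs_group_arn") {
		input.CloudWatchLogsLogGroupArn = aws.String(d.Get("cloud_watch_logs_group_arn").(string))
	}
	if d.HasChange("include_global_service_events") {
		input.IncludeGlobalServiceEvents = aws.Bool(d.Get("include_global_service_events").(bool))
	}
	if d.HasChange("sns_topic_name") {
		input.SnsTopicName = aws.String(d.Get("sns_topic_name").(string))
	}

	log.Printf("[DEBUG] Updating CloudTrail: %s", input)
	t, err := conn.UpdateTrail(&input)
	if err != nil {
		return fmt.Errorf("Error updating CloudTrail (%s): %s", aws.StringValue(input.Name), err)
	}

	// Logging state is a separate API from UpdateTrail, so handle it after
	// the trail itself has been updated successfully.
	if d.HasChange("enable_logging") {
		log.Printf("[DEBUG] Updating logging on CloudTrail: %s", input)
		if err := cloudTrailSetLogging(conn, d.Get("enable_logging").(bool), *input.Name); err != nil {
			return err
		}
	}

	log.Printf("[DEBUG] CloudTrail updated: %s", t)

	return resourceAwsCloudTrailRead(d, meta)
}

// resourceAwsCloudTrailDelete deletes the trail by name. The helper/schema
// framework clears the ID itself when a nil error is returned.
func resourceAwsCloudTrailDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudtrailconn
	name := d.Get("name").(string)

	log.Printf("[DEBUG] Deleting CloudTrail: %q", name)
	_, err := conn.DeleteTrail(&cloudtrail.DeleteTrailInput{
		Name: aws.String(name),
	})
	if err != nil {
		return fmt.Errorf("Error deleting CloudTrail (%s): %s", name, err)
	}

	return nil
}

// cloudTrailGetLoggingStatus reports whether the trail named by id is
// currently logging, as returned by GetTrailStatus. A nil IsLogging in the
// response is read as false rather than dereferenced.
func cloudTrailGetLoggingStatus(conn *cloudtrail.CloudTrail, id *string) (bool, error) {
	resp, err := conn.GetTrailStatus(&cloudtrail.GetTrailStatusInput{
		Name: id,
	})
	if err != nil {
		return false, fmt.Errorf("Error retrieving logging status of CloudTrail (%s): %s", aws.StringValue(id), err)
	}

	return aws.BoolValue(resp.IsLogging), nil
}

// cloudTrailSetLogging starts or stops logging on the trail named by id,
// according to enabled. Errors carry the trail name and the API error.
func cloudTrailSetLogging(conn *cloudtrail.CloudTrail, enabled bool, id string) error {
	if enabled {
		log.Printf("[DEBUG] Starting logging on CloudTrail (%s)", id)
		_, err := conn.StartLogging(&cloudtrail.StartLoggingInput{
			Name: aws.String(id),
		})
		if err != nil {
			return fmt.Errorf("Error starting logging on CloudTrail (%s): %s", id, err)
		}
		return nil
	}

	log.Printf("[DEBUG] Stopping logging on CloudTrail (%s)", id)
	_, err := conn.StopLogging(&cloudtrail.StopLoggingInput{
		Name: aws.String(id),
	})
	if err != nil {
		return fmt.Errorf("Error stopping logging on CloudTrail (%s): %s", id, err)
	}

	return nil
}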