
terraform-yc-modules/terraform-yc-audit-trails


Yandex Cloud Audit Trails

Requirements

Use a service account for Audit Trails that has the audit-trails.viewer role on the organization, cloud, or folder whose events the trail collects.

Features

  • Create an Audit Trail with one of the following destinations:
    • Storage
    • Logging group
    • Data Stream
  • Create the chosen destination automatically
  • Easy to add event filters for control (management) and data events
  • Easy to use in other resources via outputs

Example

See the examples section.

Configure Terraform for Yandex Cloud

  • Install YC CLI
  • Add environment variables for Terraform authentication in Yandex.Cloud:
export YC_TOKEN=$(yc iam create-token)
export YC_CLOUD_ID=$(yc config get cloud-id)
export YC_FOLDER_ID=$(yc config get folder-id)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| yandex | >= 0.134.0 |

Providers

| Name | Version |
|------|---------|
| null | 3.2.3 |
| random | 3.6.3 |
| yandex | 0.134.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| bucket_audit | git::https://github.com/terraform-yc-modules/terraform-yc-s3.git | e4017d7 |

Resources

| Name | Type |
|------|------|
| null_resource.wait_for_ydb | resource |
| random_string.unique_id | resource |
| yandex_audit_trails_trail.this | resource |
| yandex_kms_symmetric_key_iam_binding.auto_storage | resource |
| yandex_logging_group.this | resource |
| yandex_resourcemanager_folder_iam_member.auto_storage | resource |
| yandex_resourcemanager_folder_iam_member.log_group | resource |
| yandex_resourcemanager_folder_iam_member.ydb | resource |
| yandex_ydb_database_serverless.this | resource |
| yandex_ydb_topic.topic | resource |
| yandex_client_config.client | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| data_events_filter | Optional list of data events filters. | `list(object({ service = string, resource_id = string, resource_type = string, included_events = optional(list(string), []), excluded_events = optional(list(string), []) }))` | `[]` | no |
| description | Description of the trail. | `string` | `"Created by yandex terraform module"` | no |
| destination_type | Type of destination: `storage`, `logging`, or `data_stream`. | `string` | n/a | yes |
| folder_id | ID of the folder to which the trail belongs. | `string` | `null` | no |
| labels | Labels defined by the user. | `map(string)` | `{ "created_by": "yandex-terraform-module" }` | no |
| management_events_filter | Optional list of management events filters. | `list(object({ resource_id = string, resource_type = string }))` | `[]` | no |
| name | Name of the trail. | `string` | n/a | yes |
| object_prefix | Additional prefix of the uploaded objects (if using storage_destination). | `string` | `null` | no |
| retention_period_bucket | Number of days to keep logs in the bucket. | `number` | `1095` | no |
| retention_period_log_group | Number of hours to keep logs in the logging group. | `string` | `"720h0m0s"` | no |
| service_account_id | ID of the IAM service account that is used by the trail. | `string` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| bucket_name | ID of the storage bucket created for the audit trail |
| data_stream_id | ID of the data stream created for the audit trail |
| logging_group_id | ID of the logging group created for the audit trail |
| trail_id | ID of the created audit trail |
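The following root configuration ties together the Terraform setup steps above (provider authenticated from the YC_TOKEN, YC_CLOUD_ID and YC_FOLDER_ID environment variables) and the module inputs and outputs listed in the two tables. It is an added example, not code from this README or from the terraform-yc-modules project. Assumptions: the module source URL is derived from the repository name, the service account ID is a placeholder that you replace with an account holding audit-trails.viewer, and the filter values `resource-manager.folder` and `storage` are the ones I believe Audit Trails accepts for a folder-scoped management filter and for Object Storage data events.

```hcl
# Added example (not part of this README). Assumes the provider is
# authenticated from YC_TOKEN / YC_CLOUD_ID / YC_FOLDER_ID as described above.
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    yandex = {
      source  = "yandex-cloud/yandex"
      version = ">= 0.134.0"
    }
  }
}

# No explicit arguments: the provider reads the exported YC_* variables.
provider "yandex" {}

# Folder ID of the current CLI profile, so the trail scope matches YC_FOLDER_ID.
data "yandex_client_config" "client" {}

module "audit_trail" {
  # Assumed source: repository name from this page, same git:: form the
  # module itself uses for its bucket dependency.
  source = "git::https://github.com/terraform-yc-modules/terraform-yc-audit-trails.git"

  name             = "folder-audit-trail"
  description      = "Management and Object Storage data events for this folder"
  destination_type = "storage"            # one of: storage, logging, data_stream
  folder_id        = data.yandex_client_config.client.folder_id

  # Placeholder: a service account that already has audit-trails.viewer
  # on the folder (see Requirements above).
  service_account_id = "<SERVICE_ACCOUNT_ID>"

  # Storage-destination settings: object key prefix and bucket retention (days).
  object_prefix           = "audit"
  retention_period_bucket = 365

  # Management (control-plane) events for the whole folder.
  management_events_filter = [{
    resource_id   = data.yandex_client_config.client.folder_id
    resource_type = "resource-manager.folder" # assumed filter resource type
  }]

  # Data-plane events from Object Storage in the same folder. The
  # included_events / excluded_events lists keep the module default ([]).
  data_events_filter = [{
    service       = "storage" # assumed data-event service name
    resource_id   = data.yandex_client_config.client.folder_id
    resource_type = "resource-manager.folder"
  }]

  labels = {
    env   = "prod"
    owner = "security"
  }
}

# Expose the module outputs so other root modules (for example an alerting
# pipeline) can reference the trail and its bucket.
output "audit_trail_id" {
  value = module.audit_trail.trail_id
}

output "audit_trail_bucket" {
  value = module.audit_trail.bucket_name
}
```

With `destination_type = "storage"` the module creates the bucket itself (the bucket_audit child module and the auto_storage IAM/KMS bindings in the Resources table); switching to `logging` or `data_stream` makes retention_period_log_group or the YDB/topic resources the relevant ones instead, and the corresponding logging_group_id or data_stream_id output becomes non-empty.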
