Terraform module to implements Multi-Account Actiontrail Log Archive.
English | 简体ä¸æ–‡
In order to meet external audit and internal regulatory compliance requirements, the enterprise management account uses Resource Directory for multi-account management and ActionTrail to centrally collects all account operation logs. ActionTrail supports delivering logs to SLS and OSS for storage, and SLS and OSS support log retention time configuration.
This module creates an ActionTrail trail for log archiving, implements centralized centralization of multi-account operation logs, and archives the logs to SLS or OSS under the enterprise log archive account.
Architecture Diagram:
You can use this in your terraform template with the following steps.
provider "alicloud" {
alias = "management_account"
region = "cn-shanghai"
}
provider "alicloud" {
alias = "log_archive_account"
region = "cn-shanghai"
}
module "log_archive" {
source = "alibabacloud-automation/landing-zone-actiontrail-log-archive/alicloud"
providers = {
alicloud.management_account = alicloud.management_account
alicloud.log_archive_account = alicloud.log_archive_account
}
delivery_to_sls = true
delivery_to_oss = true
actiontrail_trail_name = "muti-account-trail"
actiontrail_trail_event_rw = "All"
}| Name | Version |
|---|---|
| terraform | >= 0.13 |
| alicloud | >= 1.220.0 |
| Name | Version |
|---|---|
| alicloud.log_archive_account | >= 1.220.0 |
| alicloud.management_account | >= 1.220.0 |
| random | n/a |
No modules.
| Name | Type |
|---|---|
| alicloud_actiontrail_trail.trail | resource |
| alicloud_log_project.actiontrail | resource |
| alicloud_oss_bucket.actiontrail | resource |
| alicloud_oss_bucket_acl.actiontrail | resource |
| alicloud_ram_role.actiontrail | resource |
| alicloud_ram_role_policy_attachment.attach_policy | resource |
| random_integer.default | resource |
| alicloud_account.logarchive | data source |
| alicloud_account.management | data source |
| alicloud_log_service.enable_sls_service | data source |
| alicloud_oss_service.enable_oss_service | data source |
| alicloud_regions.sls_project_region | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| actiontrail_trail_event_rw | Indicates whether the event is a read or a write event. Valid values: Read, Write, and All. Default to All. | string |
"All" |
no |
| actiontrail_trail_name | The name of the trail to be created, which must be unique for an account. | string |
"muti-account-actiontrail" |
no |
| delivery_to_oss | Whether to delivery logs to oss. | bool |
true |
no |
| delivery_to_sls | Whether to delivery logs to sls. | bool |
true |
no |
| oss_bucket_name_for_actiontrail | The name of the oss bucket used for archiving ActionTrail logs. If omitted, ActionTrail logs won't be archived to oss. | string |
null |
no |
| oss_bucket_tags | A mapping of tags to assign to the oss bucket used for archiving ActionTrail logs. | map(string) |
{ |
no |
| sls_project_description | The description of sls project used for archiving ActionTrail logs. | string |
null |
no |
| sls_project_name_for_actiontrail | Sls project used for archiving ActionTrail logs. If omitted, ActionTrail logs won't be archived to sls. | string |
null |
no |
| sls_project_tags | A mapping of tags to assign to the sls project used for archiving ActionTrail logs. | map(string) |
{ |
no |
| Name | Description |
|---|---|
| oss_bucket_id | The OSS bucket to which the trail delivers logs. |
| oss_enable_status | The current oss enable status. |
| sls_enable_status | The current log service enable status. |
| sls_project_arn | The SLS project to which the trail delivers logs. |
| trail_id | The id of ActionTrail Trail. The value is the same as trail_name. |
If you have any problems when using this module, please opening a provider issue and let us know.
Note: There does not recommend opening an issue on this repo.
Created and maintained by Alibaba Cloud Terraform Team(terraform@alibabacloud.com).
MIT Licensed. See LICENSE for full details.
