Skip to main content

CloudTrail auditor

Project description

probator-auditor-cloudtrail

Please open issues in the Probator repository

Description

This auditor ensures that CloudTrail:

  • Is enabled globally on multi-region
  • Logs to a central location
  • Has SNS/SQS notifications enabled and being sent to the correct queues
  • Regional trails (of our chosen name) are not enabled

Configuration Options

Option name Default Value Type Description
bucket_name None string Name of the S3 bucket to send CloudTrail logs to
bucket_region us-west-2 string Region to create S3 bucket in
cloudtrail_region us-west-2 string Region to create CloudTrail in
enabled False bool Enable the CloudTrail auditor
interval 60 int Run frequency in minutes
resource_tags None list List of tags, in key=value format. Empty value disabled tag management
s3_archive_days 31 int Days after which files go to cold storage. Empty or 0 value to disable
s3_kms_key_id None string KMS Key ID for S3 SSE encryption. If empty, uses the default AWS KMS Key
sns_topic_name None string SNS topic name for CloudTrail log delivery
sqs_queue_arn None string ARN of the SQS queue receiving log notifications
trail_name us-west-2 string Name of the trail to create

Based on the work by Riot Games' Cloud Inquisitor

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

probator-auditor-cloudtrail-1.1.1.tar.gz (7.9 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page