Last active
August 11, 2017 08:29
-
-
Save ryo0301/1ccf39346934f03dc28b to your computer and use it in GitHub Desktop.
CloudFormation - CloudTrail template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Parameters" : { | |
| "BucketName" : { | |
| "Description" : "Name of the S3 bucket.", | |
| "Type" : "String" | |
| }, | |
| "TopicName" : { | |
| "Description" : "Name of the SNS topic.", | |
| "Type" : "String", | |
| "Default": "" | |
| }, | |
| "IncludeGlobalServiceEvents" : { | |
| "Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.", | |
| "Type" : "String", | |
| "Default": "false", | |
| "AllowedValues": [ "true", "false" ] | |
| } | |
| }, | |
| "Conditions" : { | |
| "UseSNSTopic" : { | |
| "Fn::Not" : [ | |
| {"Fn::Equals" : [ {"Ref" : "TopicName"}, "" ] } | |
| ] | |
| } | |
| }, | |
| "Resources" : { | |
| "Trail" : { | |
| "Type" : "AWS::CloudTrail::Trail", | |
| "Properties" : { | |
| "IncludeGlobalServiceEvents" : {"Ref" : "IncludeGlobalServiceEvents"}, | |
| "S3BucketName" : {"Ref" : "BucketName"}, | |
| "SnsTopicName" : { | |
| "Fn::If" : [ | |
| "UseSNSTopic", | |
| {"Ref" : "TopicName"}, | |
| {"Ref" : "AWS::NoValue"} | |
| ] | |
| }, | |
| "IsLogging" : true | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Parameters" : { | |
| "ExpirationInDays" : { | |
| "Description" : "Expiration of the CloudTrail logs in days", | |
| "Type" : "Number", | |
| "Default" : 365 | |
| }, | |
| "OperatorEmail" : { | |
| "Description" : "Email address to notify when new logs are published.", | |
| "Type" : "String" | |
| } | |
| }, | |
| "Resources" : { | |
| "Bucket" : { | |
| "DeletionPolicy" : "Retain", | |
| "Type" : "AWS::S3::Bucket", | |
| "Properties" : { | |
| "LifecycleConfiguration" : { | |
| "Rules" : [ | |
| { | |
| "Status" : "Enabled", | |
| "ExpirationInDays" : {"Ref" : "ExpirationInDays"} | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "BucketPolicy" : { | |
| "Type" : "AWS::S3::BucketPolicy", | |
| "Properties" : { | |
| "Bucket" : {"Ref" : "Bucket"}, | |
| "PolicyDocument" : { | |
| "Version" : "2012-10-17", | |
| "Statement" : [ | |
| { | |
| "Sid" : "AWSCloudTrailAclCheck", | |
| "Effect" : "Allow", | |
| "Principal" : { | |
| "AWS" : [ | |
| "arn:aws:iam::903692715234:root", | |
| "arn:aws:iam::859597730677:root", | |
| "arn:aws:iam::814480443879:root", | |
| "arn:aws:iam::216624486486:root", | |
| "arn:aws:iam::086441151436:root", | |
| "arn:aws:iam::388731089494:root", | |
| "arn:aws:iam::284668455005:root", | |
| "arn:aws:iam::113285607260:root", | |
| "arn:aws:iam::035351147821:root" | |
| ] | |
| }, | |
| "Action" : "s3:GetBucketAcl", | |
| "Resource" : { "Fn::Join" : ["", ["arn:aws:s3:::", {"Ref" : "Bucket"}]]} | |
| }, | |
| { | |
| "Sid" : "AWSCloudTrailWrite", | |
| "Effect" : "Allow", | |
| "Principal" : { | |
| "AWS" : [ | |
| "arn:aws:iam::903692715234:root", | |
| "arn:aws:iam::859597730677:root", | |
| "arn:aws:iam::814480443879:root", | |
| "arn:aws:iam::216624486486:root", | |
| "arn:aws:iam::086441151436:root", | |
| "arn:aws:iam::388731089494:root", | |
| "arn:aws:iam::284668455005:root", | |
| "arn:aws:iam::113285607260:root", | |
| "arn:aws:iam::035351147821:root" | |
| ] | |
| }, | |
| "Action" : "s3:PutObject", | |
| "Resource" : { "Fn::Join" : ["", ["arn:aws:s3:::", {"Ref" : "Bucket"}, "/AWSLogs/", {"Ref" : "AWS::AccountId"}, "/*"]]}, | |
| "Condition" : { | |
| "StringEquals" : { | |
| "s3:x-amz-acl" : "bucket-owner-full-control" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "Topic" : { | |
| "Type" : "AWS::SNS::Topic", | |
| "Properties" : { | |
| "Subscription" : [ | |
| { | |
| "Endpoint" : { "Ref" : "OperatorEmail" }, | |
| "Protocol" : "email" | |
| } | |
| ] | |
| } | |
| }, | |
| "TopicPolicy" : { | |
| "Type" : "AWS::SNS::TopicPolicy", | |
| "Properties" : { | |
| "Topics" : [ | |
| {"Ref" : "Topic"} | |
| ], | |
| "PolicyDocument" : { | |
| "Version" : "2008-10-17", | |
| "Statement" : [ | |
| { | |
| "Sid" : "AWSCloudTrailSNSPolicy", | |
| "Effect" : "Allow", | |
| "Principal" : { | |
| "AWS" : [ | |
| "arn:aws:iam::903692715234:root", | |
| "arn:aws:iam::859597730677:root", | |
| "arn:aws:iam::814480443879:root", | |
| "arn:aws:iam::216624486486:root", | |
| "arn:aws:iam::086441151436:root", | |
| "arn:aws:iam::388731089494:root", | |
| "arn:aws:iam::284668455005:root", | |
| "arn:aws:iam::113285607260:root", | |
| "arn:aws:iam::035351147821:root" | |
| ] | |
| }, | |
| "Resource" : {"Fn::Join" : ["", ["arn:aws:sns:", {"Ref" : "AWS::Region"}, ":", {"Ref" : "AWS::AccountId"}, ":", {"Fn::GetAtt" : ["Topic", "TopicName"]}]]}, | |
| "Action" : "sns:Publish" | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "S3BucketName" : { | |
| "Value" : {"Ref" : "Bucket"}, | |
| "Description" : "Name of the newly created S3 bucket." | |
| }, | |
| "SNSTopicName" : { | |
| "Value" : {"Fn::GetAtt" : ["Topic", "TopicName"]}, | |
| "Description" : "Name of the newly created SNS topic." | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment