{ "format_version": "0.1", "terraform_version": "0.12.28", "variables": { "additional_tag_map": { "value": {} }, "applications": { "value": [] }, "attributes": { "value": [] }, "context": { "value": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} } }, "delimiter": { "value": null }, "enable_log_file_validation": { "value": true }, "enable_logging": { "value": true }, "enabled": { "value": true }, "environment": { "value": null }, "id_length_limit": { "value": null }, "include_global_service_events": { "value": false }, "is_multi_region_trail": { "value": false }, "is_organization_trail": { "value": false }, "label_order": { "value": null }, "name": { "value": "cloudtrail-test" }, "namespace": { "value": "eg" }, "regex_replace_chars": { "value": null }, "region": { "value": "us-east-2" }, "stage": { "value": "test" }, "tags": { "value": {} } }, "planned_values": { "outputs": { "cloudtrail_arn": { "sensitive": false }, "cloudtrail_bucket_arn": { "sensitive": false }, "cloudtrail_bucket_domain_name": { "sensitive": false }, "cloudtrail_bucket_id": { "sensitive": false }, "cloudtrail_home_region": { "sensitive": false }, "cloudtrail_id": { "sensitive": false } }, "root_module": { "resources": [ { "address": "aws_kms_key.key[\"default\"]", "mode": "managed", "type": "aws_kms_key", "name": "key", "index": "default", "provider_name": "aws", "schema_version": 0, "values": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": 30, "description": "kms key", "enable_key_rotation": true, "is_enabled": true, "key_usage": "ENCRYPT_DECRYPT", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"my-kms\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:Describe*\",\n \"kms:Decrypt\",\n \"kms:\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"logs.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:GenerateDataKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": \"cloudwatch.amazonaws.com\"\n }\n }\n ]\n}", "tags": null } } ], "child_modules": [ { "resources": [ { "address": "module.cloudtrail.aws_cloudtrail.default[0]", "mode": "managed", "type": "aws_cloudtrail", "name": "default", "index": 0, "provider_name": "aws", "schema_version": 0, "values": { "cloud_watch_logs_group_arn": "", "cloud_watch_logs_role_arn": "", "enable_log_file_validation": true, "enable_logging": true, "event_selector": [], "include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, "kms_key_id": null, "name": "eg-test-cloudtrail-test", "s3_key_prefix": null, "sns_topic_name": null, "tags": { "Name": "eg-test-cloudtrail-test", "Namespace": "eg", "Stage": "test" } } } ], "address": "module.cloudtrail" }, { "address": "module.cloudtrail_s3_bucket", "child_modules": [ { "resources": [ { "address": "module.cloudtrail_s3_bucket.module.s3_bucket.aws_s3_bucket.default[0]", "mode": "managed", "type": "aws_s3_bucket", "name": "default", "index": 0, "provider_name": "aws", "schema_version": 0, "values": { "acl": "log-delivery-write", "bucket": "eg-test-cloudtrail-test", "bucket_prefix": null, "cors_rule": [], "force_destroy": true, "grant": [], "lifecycle_rule": [ { "abort_incomplete_multipart_upload_days": 5, "enabled": true, "expiration": [ { "date": null, "days": 90, "expired_object_delete_marker": null } ], "id": "eg-test-cloudtrail-test", "noncurrent_version_expiration": [ { "days": 90 } ], "noncurrent_version_transition": [], "prefix": "", "tags": null, "transition": [ { "date": "", "days": 30, "storage_class": "STANDARD_IA" } ] } ], "logging": [], "object_lock_configuration": [], "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test/*\",\n \"Principal\": {\n \"Service\": [\n \"config.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n },\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n}", "replication_configuration": [], "server_side_encryption_configuration": [ { "rule": [ { "apply_server_side_encryption_by_default": [ { "kms_master_key_id": "", "sse_algorithm": "AES256" } ] } ] } ], "tags": { "Name": "eg-test-cloudtrail-test", "Namespace": "eg", "Stage": "test" }, "versioning": [ { "enabled": false, "mfa_delete": false } ], "website": [] } }, { "address": "module.cloudtrail_s3_bucket.module.s3_bucket.aws_s3_bucket_public_access_block.default[0]", "mode": "managed", "type": "aws_s3_bucket_public_access_block", "name": "default", "index": 0, "provider_name": "aws", "schema_version": 0, "values": { "block_public_acls": true, "block_public_policy": true, "ignore_public_acls": true, "restrict_public_buckets": true } } ], "address": "module.cloudtrail_s3_bucket.module.s3_bucket" } ] } ] } }, "resource_changes": [ { "address": "aws_kms_key.key[\"default\"]", "mode": "managed", "type": "aws_kms_key", "name": "key", "index": "default", "provider_name": "aws", "change": { "actions": [ "create" ], "before": null, "after": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": 30, "description": "kms key", "enable_key_rotation": true, "is_enabled": true, "key_usage": "ENCRYPT_DECRYPT", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"my-kms\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:Describe*\",\n \"kms:Decrypt\",\n \"kms:\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"logs.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:GenerateDataKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": \"cloudwatch.amazonaws.com\"\n }\n }\n ]\n}", "tags": null }, "after_unknown": { "arn": true, "id": true, "key_id": true } } }, { "address": "module.cloudtrail.aws_cloudtrail.default[0]", "module_address": "module.cloudtrail", "mode": "managed", "type": "aws_cloudtrail", "name": "default", "index": 0, "provider_name": "aws", "change": { "actions": [ "create" ], "before": null, "after": { "cloud_watch_logs_group_arn": "", "cloud_watch_logs_role_arn": "", "enable_log_file_validation": true, "enable_logging": true, "event_selector": [], "include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, "kms_key_id": null, "name": "eg-test-cloudtrail-test", "s3_key_prefix": null, "sns_topic_name": null, "tags": { "Name": "eg-test-cloudtrail-test", "Namespace": "eg", "Stage": "test" } }, "after_unknown": { "arn": true, "event_selector": [], "home_region": true, "id": true, "insight_selector": [], "s3_bucket_name": true, "tags": {} } } }, { "address": "module.cloudtrail_s3_bucket.module.s3_bucket.aws_s3_bucket.default[0]", "module_address": "module.cloudtrail_s3_bucket.module.s3_bucket", "mode": "managed", "type": "aws_s3_bucket", "name": "default", "index": 0, "provider_name": "aws", "change": { "actions": [ "create" ], "before": null, "after": { "acl": "log-delivery-write", "bucket": "eg-test-cloudtrail-test", "bucket_prefix": null, "cors_rule": [], "force_destroy": true, "grant": [], "lifecycle_rule": [ { "abort_incomplete_multipart_upload_days": 5, "enabled": true, "expiration": [ { "date": null, "days": 90, "expired_object_delete_marker": null } ], "id": "eg-test-cloudtrail-test", "noncurrent_version_expiration": [ { "days": 90 } ], "noncurrent_version_transition": [], "prefix": "", "tags": null, "transition": [ { "date": "", "days": 30, "storage_class": "STANDARD_IA" } ] } ], "logging": [], "object_lock_configuration": [], "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test/*\",\n \"Principal\": {\n \"Service\": [\n \"config.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n },\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n}", "replication_configuration": [], "server_side_encryption_configuration": [ { "rule": [ { "apply_server_side_encryption_by_default": [ { "kms_master_key_id": "", "sse_algorithm": "AES256" } ] } ] } ], "tags": { "Name": "eg-test-cloudtrail-test", "Namespace": "eg", "Stage": "test" }, "versioning": [ { "enabled": false, "mfa_delete": false } ], "website": [] }, "after_unknown": { "acceleration_status": true, "arn": true, "bucket_domain_name": true, "bucket_regional_domain_name": true, "cors_rule": [], "grant": [], "hosted_zone_id": true, "id": true, "lifecycle_rule": [ { "expiration": [ {} ], "noncurrent_version_expiration": [ {} ], "noncurrent_version_transition": [], "transition": [ {} ] } ], "logging": [], "object_lock_configuration": [], "region": true, "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [ { "rule": [ { "apply_server_side_encryption_by_default": [ {} ] } ] } ], "tags": {}, "versioning": [ {} ], "website": [], "website_domain": true, "website_endpoint": true } } }, { "address": "module.cloudtrail_s3_bucket.module.s3_bucket.aws_s3_bucket_public_access_block.default[0]", "module_address": "module.cloudtrail_s3_bucket.module.s3_bucket", "mode": "managed", "type": "aws_s3_bucket_public_access_block", "name": "default", "index": 0, "provider_name": "aws", "change": { "actions": [ "create" ], "before": null, "after": { "block_public_acls": true, "block_public_policy": true, "ignore_public_acls": true, "restrict_public_buckets": true }, "after_unknown": { "bucket": true, "id": true } } } ], "output_changes": { "cloudtrail_arn": { "actions": [ "create" ], "before": null, "after_unknown": true }, "cloudtrail_bucket_arn": { "actions": [ "create" ], "before": null, "after_unknown": true }, "cloudtrail_bucket_domain_name": { "actions": [ "create" ], "before": null, "after_unknown": true }, "cloudtrail_bucket_id": { "actions": [ "create" ], "before": null, "after_unknown": true }, "cloudtrail_home_region": { "actions": [ "create" ], "before": null, "after_unknown": true }, "cloudtrail_id": { "actions": [ "create" ], "before": null, "after_unknown": true } }, "prior_state": { "format_version": "0.1", "terraform_version": "0.12.28", "values": { "root_module": { "resources": [ { "address": "data.aws_iam_policy_document.service_access", "mode": "data", "type": "aws_iam_policy_document", "name": "service_access", "provider_name": "aws", "schema_version": 0, "values": { "id": "3438765999", "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"my-kms\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:Describe*\",\n \"kms:Decrypt\",\n \"kms:\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"logs.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:GenerateDataKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": \"cloudwatch.amazonaws.com\"\n }\n }\n ]\n}", "override_json": null, "policy_id": "my-kms", "source_json": null, "statement": [ { "actions": [ "kms:", "kms:Decrypt", "kms:Describe*", "kms:Encrypt", "kms:GenerateDataKey*", "kms:ReEncrypt*" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "cloudtrail.amazonaws.com", "logs.amazonaws.com" ], "type": "Service" } ], "resources": [ "*" ], "sid": "" }, { "actions": [ "kms:Decrypt", "kms:GenerateDataKey" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "cloudwatch.amazonaws.com" ], "type": "Service" } ], "resources": [ "*" ], "sid": "" } ], "version": "2012-10-17" } } ], "child_modules": [ { "resources": [ { "address": "data.aws_iam_policy_document.default", "mode": "data", "type": "aws_iam_policy_document", "name": "default", "index": 0, "provider_name": "aws", "schema_version": 0, "values": { "id": "2104932552", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::eg-test-cloudtrail-test/*\",\n \"Principal\": {\n \"Service\": [\n \"config.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n },\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n}", "override_json": null, "policy_id": null, "source_json": null, "statement": [ { "actions": [ "s3:GetBucketAcl" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "cloudtrail.amazonaws.com" ], "type": "Service" } ], "resources": [ "arn:aws:s3:::eg-test-cloudtrail-test" ], "sid": "AWSCloudTrailAclCheck" }, { "actions": [ "s3:PutObject" ], "condition": [ { "test": "StringEquals", "values": [ "bucket-owner-full-control" ], "variable": "s3:x-amz-acl" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "cloudtrail.amazonaws.com", "config.amazonaws.com" ], "type": "Service" } ], "resources": [ "arn:aws:s3:::eg-test-cloudtrail-test/*" ], "sid": "AWSCloudTrailWrite" } ], "version": "2012-10-17" } } ], "address": "module.cloudtrail_s3_bucket" } ] } } }, "configuration": { "provider_config": { "aws": { "name": "aws", "expressions": { "region": { "references": [ "var.region" ] } } } }, "root_module": { "outputs": { "cloudtrail_arn": { "expression": { "references": [ "module.cloudtrail.cloudtrail_arn" ] }, "description": "The Amazon Resource Name of the trail" }, "cloudtrail_bucket_arn": { "expression": { "references": [ "module.cloudtrail_s3_bucket.bucket_arn" ] }, "description": "ARN of the CloudTral S3 bucket" }, "cloudtrail_bucket_domain_name": { "expression": { "references": [ "module.cloudtrail_s3_bucket.bucket_domain_name" ] }, "description": "FQDN of the CloudTral S3 bucket" }, "cloudtrail_bucket_id": { "expression": { "references": [ "module.cloudtrail_s3_bucket.bucket_id" ] }, "description": "Name of the CloudTral S3 bucket" }, "cloudtrail_home_region": { "expression": { "references": [ "module.cloudtrail.cloudtrail_home_region" ] }, "description": "The region in which the trail was created" }, "cloudtrail_id": { "expression": { "references": [ "module.cloudtrail.cloudtrail_id" ] }, "description": "The name of the trail" } }, "resources": [ { "address": "aws_kms_key.key", "mode": "managed", "type": "aws_kms_key", "name": "key", "provider_config_key": "aws", "expressions": { "deletion_window_in_days": { "constant_value": 30 }, "description": { "constant_value": "kms key" }, "enable_key_rotation": { "constant_value": true }, "policy": { "references": [ "data.aws_iam_policy_document.service_access" ] } }, "schema_version": 0, "for_each_expression": { "references": [ "local.applications" ] } }, { "address": "data.aws_iam_policy_document.service_access", "mode": "data", "type": "aws_iam_policy_document", "name": "service_access", "provider_config_key": "aws", "expressions": { "policy_id": { "constant_value": "my-kms" }, "statement": [ { "actions": { "constant_value": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", "kms:" ] }, "effect": { "constant_value": "Allow" }, "principals": [ { "identifiers": { "constant_value": [ "cloudtrail.amazonaws.com", "logs.amazonaws.com" ] }, "type": { "constant_value": "Service" } } ], "resources": { "constant_value": [ "*" ] } }, { "actions": { "constant_value": [ "kms:Decrypt", "kms:GenerateDataKey" ] }, "effect": { "constant_value": "Allow" }, "principals": [ { "identifiers": { "constant_value": [ "cloudwatch.amazonaws.com" ] }, "type": { "constant_value": "Service" } } ], "resources": { "constant_value": [ "*" ] } } ] }, "schema_version": 0 } ], "module_calls": { "cloudtrail": { "source": "../../", "expressions": { "context": { "references": [ "module.this.context" ] }, "enable_log_file_validation": { "references": [ "var.enable_log_file_validation" ] }, "enable_logging": { "references": [ "var.enable_logging" ] }, "include_global_service_events": { "references": [ "var.include_global_service_events" ] }, "is_multi_region_trail": { "references": [ "var.is_multi_region_trail" ] }, "is_organization_trail": { "references": [ "var.is_organization_trail" ] }, "kms_key_arn": { "references": [ "aws_kms_key.key[\"default\"]" ] }, "s3_bucket_name": { "references": [ "module.cloudtrail_s3_bucket.bucket_id" ] } }, "module": { "outputs": { "cloudtrail_arn": { "expression": { "references": [ "aws_cloudtrail.default" ] }, "description": "The Amazon Resource Name of the trail" }, "cloudtrail_home_region": { "expression": { "references": [ "aws_cloudtrail.default" ] }, "description": "The region in which the trail was created" }, "cloudtrail_id": { "expression": { "references": [ "aws_cloudtrail.default" ] }, "description": "The name of the trail" } }, "resources": [ { "address": "aws_cloudtrail.default", "mode": "managed", "type": "aws_cloudtrail", "name": "default", "provider_config_key": "cloudtrail:aws", "expressions": { "cloud_watch_logs_group_arn": { "references": [ "var.cloud_watch_logs_group_arn" ] }, "cloud_watch_logs_role_arn": { "references": [ "var.cloud_watch_logs_role_arn" ] }, "enable_log_file_validation": { "references": [ "var.enable_log_file_validation" ] }, "enable_logging": { "references": [ "var.enable_logging" ] }, "include_global_service_events": { "references": [ "var.include_global_service_events" ] }, "is_multi_region_trail": { "references": [ "var.is_multi_region_trail" ] }, "is_organization_trail": { "references": [ "var.is_organization_trail" ] }, "name": { "references": [ "module.this.id" ] }, "s3_bucket_name": { "references": [ "var.s3_bucket_name" ] }, "tags": { "references": [ "module.this.tags" ] } }, "schema_version": 0, "count_expression": { "references": [ "module.this.enabled" ] } } ], "module_calls": { "this": { "source": "cloudposse/label/null", "expressions": { "additional_tag_map": { "references": [ "var.additional_tag_map" ] }, "attributes": { "references": [ "var.attributes" ] }, "context": { "references": [ "var.context" ] }, "delimiter": { "references": [ "var.delimiter" ] }, "enabled": { "references": [ "var.enabled" ] }, "environment": { "references": [ "var.environment" ] }, "id_length_limit": { "references": [ "var.id_length_limit" ] }, "label_order": { "references": [ "var.label_order" ] }, "name": { "references": [ "var.name" ] }, "namespace": { "references": [ "var.namespace" ] }, "regex_replace_chars": { "references": [ "var.regex_replace_chars" ] }, "stage": { "references": [ "var.stage" ] }, "tags": { "references": [ "var.tags" ] } }, "module": { "outputs": { "additional_tag_map": { "expression": { "references": [ "local.additional_tag_map" ] }, "description": "The merged additional_tag_map" }, "attributes": { "expression": { "references": [ "local.enabled", "local.attributes" ] }, "description": "List of attributes" }, "context": { "expression": { "references": [ "local.input" ] }, "description": "Merged but otherwise unmodified input to this module, to be used as context input to other modules.\nNote: this version will have null values as defaults, not the values actually used as defaults.\n" }, "delimiter": { "expression": { "references": [ "local.enabled", "local.delimiter" ] }, "description": "Delimiter between `namespace`, `environment`, `stage`, `name` and `attributes`" }, "enabled": { "expression": { "references": [ "local.enabled" ] }, "description": "True if module is enabled, false otherwise" }, "environment": { "expression": { "references": [ "local.enabled", "local.environment" ] }, "description": "Normalized environment" }, "id": { "expression": { "references": [ "local.enabled", "local.id" ] }, "description": "Disambiguated ID restricted to `id_length_limit` characters in total" }, "id_full": { "expression": { "references": [ "local.enabled", "local.id_full" ] }, "description": "Disambiguated ID not restricted in length" }, "id_length_limit": { "expression": { "references": [ "local.id_length_limit" ] }, "description": "The id_length_limit actually used to create the ID, with `0` meaning unlimited" }, "label_order": { "expression": { "references": [ "local.label_order" ] }, "description": "The naming order actually used to create the ID" }, "name": { "expression": { "references": [ "local.enabled", "local.name" ] }, "description": "Normalized name" }, "namespace": { "expression": { "references": [ "local.enabled", "local.namespace" ] }, "description": "Normalized namespace" }, "normalized_context": { "expression": { "references": [ "local.output_context" ] }, "description": "Normalized context of this module" }, "regex_replace_chars": { "expression": { "references": [ "local.regex_replace_chars" ] }, "description": "The regex_replace_chars actually used to create the ID" }, "stage": { "expression": { "references": [ "local.enabled", "local.stage" ] }, "description": "Normalized stage" }, "tags": { "expression": { "references": [ "local.enabled", "local.tags" ] }, "description": "Normalized Tag map" }, "tags_as_list_of_maps": { "expression": { "references": [ "local.tags_as_list_of_maps" ] }, "description": "Additional tags as a list of maps, which can be used in several AWS resources" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } }, "version_constraint": "0.22.1" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "cloud_watch_logs_group_arn": { "default": "", "description": "Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered" }, "cloud_watch_logs_role_arn": { "default": "", "description": "Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enable_log_file_validation": { "default": true, "description": "Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs" }, "enable_logging": { "default": true, "description": "Enable logging for the trail" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "event_selector": { "default": [], "description": "Specifies an event selector for enabling data event logging. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this variable" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "include_global_service_events": { "default": false, "description": "Specifies whether the trail is publishing events from global services such as IAM to the log files" }, "is_multi_region_trail": { "default": false, "description": "Specifies whether the trail is created in the current region or in all regions" }, "is_organization_trail": { "default": false, "description": "The trail is an AWS Organizations trail" }, "kms_key_arn": { "default": "", "description": "Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "s3_bucket_name": { "description": "S3 bucket name for CloudTrail logs" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } } }, "cloudtrail_s3_bucket": { "source": "cloudposse/cloudtrail-s3-bucket/aws", "expressions": { "context": { "references": [ "module.this.context" ] }, "force_destroy": { "constant_value": true } }, "module": { "outputs": { "bucket_arn": { "expression": { "references": [ "module.s3_bucket.bucket_arn" ] }, "description": "Bucket ARN" }, "bucket_domain_name": { "expression": { "references": [ "module.s3_bucket.bucket_domain_name" ] }, "description": "FQDN of bucket" }, "bucket_id": { "expression": { "references": [ "module.s3_bucket.bucket_id" ] }, "description": "Bucket ID" }, "prefix": { "expression": { "references": [ "module.s3_bucket.prefix" ] }, "description": "Prefix configured for lifecycle rules" } }, "resources": [ { "address": "data.aws_iam_policy_document.default", "mode": "data", "type": "aws_iam_policy_document", "name": "default", "provider_config_key": "cloudtrail_s3_bucket:aws", "expressions": { "statement": [ { "actions": { "constant_value": [ "s3:GetBucketAcl" ] }, "principals": [ { "identifiers": { "constant_value": [ "cloudtrail.amazonaws.com" ] }, "type": { "constant_value": "Service" } } ], "resources": { "references": [ "var.arn_format", "module.this.id" ] }, "sid": { "constant_value": "AWSCloudTrailAclCheck" } }, { "actions": { "constant_value": [ "s3:PutObject" ] }, "condition": [ { "test": { "constant_value": "StringEquals" }, "values": { "constant_value": [ "bucket-owner-full-control" ] }, "variable": { "constant_value": "s3:x-amz-acl" } } ], "principals": [ { "identifiers": { "constant_value": [ "config.amazonaws.com", "cloudtrail.amazonaws.com" ] }, "type": { "constant_value": "Service" } } ], "resources": { "references": [ "var.arn_format", "module.this.id" ] }, "sid": { "constant_value": "AWSCloudTrailWrite" } } ] }, "schema_version": 0, "count_expression": { "references": [ "module.this.enabled" ] } } ], "module_calls": { "s3_bucket": { "source": "git::https://github.com/cloudposse/terraform-aws-s3-log-storage.git?ref=tags/0.14.0", "expressions": { "abort_incomplete_multipart_upload_days": { "references": [ "var.abort_incomplete_multipart_upload_days" ] }, "access_log_bucket_name": { "references": [ "var.access_log_bucket_name" ] }, "acl": { "references": [ "var.acl" ] }, "block_public_acls": { "references": [ "var.block_public_acls" ] }, "block_public_policy": { "references": [ "var.block_public_policy" ] }, "context": { "references": [ "module.this.context" ] }, "enable_glacier_transition": { "references": [ "var.enable_glacier_transition" ] }, "enabled": { "references": [ "module.this.enabled" ] }, "expiration_days": { "references": [ "var.expiration_days" ] }, "force_destroy": { "references": [ "var.force_destroy" ] }, "glacier_transition_days": { "references": [ "var.glacier_transition_days" ] }, "ignore_public_acls": { "references": [ "var.ignore_public_acls" ] }, "kms_master_key_arn": { "references": [ "var.kms_master_key_arn" ] }, "lifecycle_prefix": { "references": [ "var.lifecycle_prefix" ] }, "lifecycle_rule_enabled": { "references": [ "var.lifecycle_rule_enabled" ] }, "lifecycle_tags": { "references": [ "var.lifecycle_tags" ] }, "noncurrent_version_expiration_days": { "references": [ "var.noncurrent_version_expiration_days" ] }, "noncurrent_version_transition_days": { "references": [ "var.noncurrent_version_transition_days" ] }, "policy": { "references": [ "data.aws_iam_policy_document.default" ] }, "restrict_public_buckets": { "references": [ "var.restrict_public_buckets" ] }, "sse_algorithm": { "references": [ "var.sse_algorithm" ] }, "standard_transition_days": { "references": [ "var.standard_transition_days" ] }, "versioning_enabled": { "references": [ "var.versioning_enabled" ] } }, "module": { "outputs": { "bucket_arn": { "expression": { "references": [ "aws_s3_bucket.default" ] }, "description": "Bucket ARN" }, "bucket_domain_name": { "expression": { "references": [ "aws_s3_bucket.default" ] }, "description": "FQDN of bucket" }, "bucket_id": { "expression": { "references": [ "aws_s3_bucket.default" ] }, "description": "Bucket Name (aka ID)" }, "enabled": { "expression": { "references": [ "module.this.enabled" ] }, "description": "Is module enabled" }, "prefix": { "expression": { "references": [ "var.lifecycle_prefix" ] }, "description": "Prefix configured for lifecycle rules" } }, "resources": [ { "address": "aws_s3_bucket.default", "mode": "managed", "type": "aws_s3_bucket", "name": "default", "provider_config_key": "s3_bucket:aws", "expressions": { "acl": { "references": [ "var.acl" ] }, "bucket": { "references": [ "module.this.id" ] }, "force_destroy": { "references": [ "var.force_destroy" ] }, "lifecycle_rule": [ { "abort_incomplete_multipart_upload_days": { "references": [ "var.abort_incomplete_multipart_upload_days" ] }, "enabled": { "references": [ "var.lifecycle_rule_enabled" ] }, "expiration": [ { "days": { "references": [ "var.expiration_days" ] } } ], "id": { "references": [ "module.this.id" ] }, "noncurrent_version_expiration": [ { "days": { "references": [ "var.noncurrent_version_expiration_days" ] } } ], "prefix": { "references": [ "var.lifecycle_prefix" ] }, "tags": { "references": [ "var.lifecycle_tags" ] }, "transition": [ { "days": { "references": [ "var.standard_transition_days" ] }, "storage_class": { "constant_value": "STANDARD_IA" } } ] } ], "policy": { "references": [ "var.policy" ] }, "server_side_encryption_configuration": [ { "rule": [ { "apply_server_side_encryption_by_default": [ { "kms_master_key_id": { "references": [ "var.kms_master_key_arn" ] }, "sse_algorithm": { "references": [ "var.sse_algorithm" ] } } ] } ] } ], "tags": { "references": [ "module.this.tags" ] }, "versioning": [ { "enabled": { "references": [ "var.versioning_enabled" ] } } ] }, "schema_version": 0, "count_expression": { "references": [ "module.this.enabled" ] } }, { "address": "aws_s3_bucket_public_access_block.default", "mode": "managed", "type": "aws_s3_bucket_public_access_block", "name": "default", "provider_config_key": "s3_bucket:aws", "expressions": { "block_public_acls": { "references": [ "var.block_public_acls" ] }, "block_public_policy": { "references": [ "var.block_public_policy" ] }, "bucket": { "references": [ "aws_s3_bucket.default" ] }, "ignore_public_acls": { "references": [ "var.ignore_public_acls" ] }, "restrict_public_buckets": { "references": [ "var.restrict_public_buckets" ] } }, "schema_version": 0, "count_expression": { "references": [ "module.this.enabled" ] } } ], "module_calls": { "this": { "source": "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2", "expressions": { "additional_tag_map": { "references": [ "var.additional_tag_map" ] }, "attributes": { "references": [ "var.attributes" ] }, "context": { "references": [ "var.context" ] }, "delimiter": { "references": [ "var.delimiter" ] }, "enabled": { "references": [ "var.enabled" ] }, "environment": { "references": [ "var.environment" ] }, "id_length_limit": { "references": [ "var.id_length_limit" ] }, "label_order": { "references": [ "var.label_order" ] }, "name": { "references": [ "var.name" ] }, "namespace": { "references": [ "var.namespace" ] }, "regex_replace_chars": { "references": [ "var.regex_replace_chars" ] }, "stage": { "references": [ "var.stage" ] }, "tags": { "references": [ "var.tags" ] } }, "module": { "outputs": { "additional_tag_map": { "expression": { "references": [ "local.additional_tag_map" ] }, "description": "The merged additional_tag_map" }, "attributes": { "expression": { "references": [ "local.enabled", "local.attributes" ] }, "description": "List of attributes" }, "context": { "expression": { "references": [ "local.input" ] }, "description": "Merged but otherwise unmodified input to this module, to be used as context input to other modules.\nNote: this version will have null values as defaults, not the values actually used as defaults.\n" }, "delimiter": { "expression": { "references": [ "local.enabled", "local.delimiter" ] }, "description": "Delimiter between `namespace`, `environment`, `stage`, `name` and `attributes`" }, "enabled": { "expression": { "references": [ "local.enabled" ] }, "description": "True if module is enabled, false otherwise" }, "environment": { "expression": { "references": [ "local.enabled", "local.environment" ] }, "description": "Normalized environment" }, "id": { "expression": { "references": [ "local.enabled", "local.id" ] }, "description": "Disambiguated ID restricted to `id_length_limit` characters in total" }, "id_full": { "expression": { "references": [ "local.enabled", "local.id_full" ] }, "description": "Disambiguated ID not restricted in length" }, "id_length_limit": { "expression": { "references": [ "local.id_length_limit" ] }, "description": "The id_length_limit actually used to create the ID, with `0` meaning unlimited" }, "label_order": { "expression": { "references": [ "local.label_order" ] }, "description": "The naming order actually used to create the ID" }, "name": { "expression": { "references": [ "local.enabled", "local.name" ] }, "description": "Normalized name" }, "namespace": { "expression": { "references": [ "local.enabled", "local.namespace" ] }, "description": "Normalized namespace" }, "normalized_context": { "expression": { "references": [ "local.output_context" ] }, "description": "Normalized context of this module" }, "regex_replace_chars": { "expression": { "references": [ "local.regex_replace_chars" ] }, "description": "The regex_replace_chars actually used to create the ID" }, "stage": { "expression": { "references": [ "local.enabled", "local.stage" ] }, "description": "Normalized stage" }, "tags": { "expression": { "references": [ "local.enabled", "local.tags" ] }, "description": "Normalized Tag map" }, "tags_as_list_of_maps": { "expression": { "references": [ "local.tags_as_list_of_maps" ] }, "description": "Additional tags as a list of maps, which can be used in several AWS resources" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } } } }, "variables": { "abort_incomplete_multipart_upload_days": { "default": 5, "description": "Maximum time (in days) that you want to allow multipart uploads to remain in progress" }, "access_log_bucket_name": { "default": "", "description": "Name of the S3 bucket where s3 access log will be sent to" }, "acl": { "default": "log-delivery-write", "description": "The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services" }, "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "block_public_acls": { "default": true, "description": "Set to `false` to disable the blocking of new public access lists on the bucket" }, "block_public_policy": { "default": true, "description": "Set to `false` to disable the blocking of new public policies on the bucket" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enable_glacier_transition": { "default": true, "description": "Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "expiration_days": { "default": 90, "description": "Number of days after which to expunge the objects" }, "force_destroy": { "default": false, "description": "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable" }, "glacier_transition_days": { "default": 60, "description": "Number of days after which to move the data to the glacier storage tier" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "ignore_public_acls": { "default": true, "description": "Set to `false` to disable the ignoring of public access lists on the bucket" }, "kms_master_key_arn": { "default": "", "description": "The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "lifecycle_prefix": { "default": "", "description": "Prefix filter. Used to manage object lifecycle events" }, "lifecycle_rule_enabled": { "default": true, "description": "Enable lifecycle events on this bucket" }, "lifecycle_tags": { "default": {}, "description": "Tags filter. Used to manage object lifecycle events" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "noncurrent_version_expiration_days": { "default": 90, "description": "Specifies when noncurrent object versions expire" }, "noncurrent_version_transition_days": { "default": 30, "description": "Specifies when noncurrent object versions transitions" }, "policy": { "default": "", "description": "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "restrict_public_buckets": { "default": true, "description": "Set to `false` to disable the restricting of making the bucket public" }, "sse_algorithm": { "default": "AES256", "description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "standard_transition_days": { "default": 30, "description": "Number of days to persist in the standard storage tier before moving to the infrequent access tier" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" }, "versioning_enabled": { "default": false, "description": "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket" } } } }, "this": { "source": "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2", "expressions": { "additional_tag_map": { "references": [ "var.additional_tag_map" ] }, "attributes": { "references": [ "var.attributes" ] }, "context": { "references": [ "var.context" ] }, "delimiter": { "references": [ "var.delimiter" ] }, "enabled": { "references": [ "var.enabled" ] }, "environment": { "references": [ "var.environment" ] }, "id_length_limit": { "references": [ "var.id_length_limit" ] }, "label_order": { "references": [ "var.label_order" ] }, "name": { "references": [ "var.name" ] }, "namespace": { "references": [ "var.namespace" ] }, "regex_replace_chars": { "references": [ "var.regex_replace_chars" ] }, "stage": { "references": [ "var.stage" ] }, "tags": { "references": [ "var.tags" ] } }, "module": { "outputs": { "additional_tag_map": { "expression": { "references": [ "local.additional_tag_map" ] }, "description": "The merged additional_tag_map" }, "attributes": { "expression": { "references": [ "local.enabled", "local.attributes" ] }, "description": "List of attributes" }, "context": { "expression": { "references": [ "local.input" ] }, "description": "Merged but otherwise unmodified input to this module, to be used as context input to other modules.\nNote: this version will have null values as defaults, not the values actually used as defaults.\n" }, "delimiter": { "expression": { "references": [ "local.enabled", "local.delimiter" ] }, "description": "Delimiter between `namespace`, `environment`, `stage`, `name` and `attributes`" }, "enabled": { "expression": { "references": [ "local.enabled" ] }, "description": "True if module is enabled, false otherwise" }, "environment": { "expression": { "references": [ "local.enabled", "local.environment" ] }, "description": "Normalized environment" }, "id": { "expression": { "references": [ "local.enabled", "local.id" ] }, "description": "Disambiguated ID restricted to `id_length_limit` characters in total" }, "id_full": { "expression": { "references": [ "local.enabled", "local.id_full" ] }, "description": "Disambiguated ID not restricted in length" }, "id_length_limit": { "expression": { "references": [ "local.id_length_limit" ] }, "description": "The id_length_limit actually used to create the ID, with `0` meaning unlimited" }, "label_order": { "expression": { "references": [ "local.label_order" ] }, "description": "The naming order actually used to create the ID" }, "name": { "expression": { "references": [ "local.enabled", "local.name" ] }, "description": "Normalized name" }, "namespace": { "expression": { "references": [ "local.enabled", "local.namespace" ] }, "description": "Normalized namespace" }, "normalized_context": { "expression": { "references": [ "local.output_context" ] }, "description": "Normalized context of this module" }, "regex_replace_chars": { "expression": { "references": [ "local.regex_replace_chars" ] }, "description": "The regex_replace_chars actually used to create the ID" }, "stage": { "expression": { "references": [ "local.enabled", "local.stage" ] }, "description": "Normalized stage" }, "tags": { "expression": { "references": [ "local.enabled", "local.tags" ] }, "description": "Normalized Tag map" }, "tags_as_list_of_maps": { "expression": { "references": [ "local.tags_as_list_of_maps" ] }, "description": "Additional tags as a list of maps, which can be used in several AWS resources" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } } } }, "variables": { "abort_incomplete_multipart_upload_days": { "default": 5, "description": "Maximum time (in days) that you want to allow multipart uploads to remain in progress" }, "access_log_bucket_name": { "default": "", "description": "Name of the S3 bucket where s3 access log will be sent to" }, "acl": { "default": "log-delivery-write", "description": "The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services" }, "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "arn_format": { "default": "arn:aws", "description": "ARN format to be used. May be changed to support deployment in GovCloud/China regions." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "block_public_acls": { "default": true, "description": "Set to `false` to disable the blocking of new public access lists on the bucket" }, "block_public_policy": { "default": true, "description": "Set to `false` to disable the blocking of new public policies on the bucket" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enable_glacier_transition": { "default": false, "description": "Glacier transition might just increase your bill. Set to false to disable lifecycle transitions to AWS Glacier." }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "expiration_days": { "default": 90, "description": "Number of days after which to expunge the objects" }, "force_destroy": { "default": false, "description": "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable" }, "glacier_transition_days": { "default": 60, "description": "Number of days after which to move the data to the glacier storage tier" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "ignore_public_acls": { "default": true, "description": "Set to `false` to disable the ignoring of public access lists on the bucket" }, "kms_master_key_arn": { "default": "", "description": "The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "lifecycle_prefix": { "default": "", "description": "Prefix filter. Used to manage object lifecycle events" }, "lifecycle_rule_enabled": { "default": true, "description": "Enable lifecycle events on this bucket" }, "lifecycle_tags": { "default": {}, "description": "Tags filter. Used to manage object lifecycle events" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "noncurrent_version_expiration_days": { "default": 90, "description": "Specifies when noncurrent object versions expire" }, "noncurrent_version_transition_days": { "default": 30, "description": "Specifies when noncurrent object versions transitions" }, "policy": { "default": "", "description": "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "restrict_public_buckets": { "default": true, "description": "Set to `false` to disable the restricting of making the bucket public" }, "sse_algorithm": { "default": "AES256", "description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "standard_transition_days": { "default": 30, "description": "Number of days to persist in the standard storage tier before moving to the infrequent access tier" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" }, "versioning_enabled": { "default": false, "description": "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket" } } }, "version_constraint": "0.12.0" }, "this": { "source": "cloudposse/label/null", "expressions": { "additional_tag_map": { "references": [ "var.additional_tag_map" ] }, "attributes": { "references": [ "var.attributes" ] }, "context": { "references": [ "var.context" ] }, "delimiter": { "references": [ "var.delimiter" ] }, "enabled": { "references": [ "var.enabled" ] }, "environment": { "references": [ "var.environment" ] }, "id_length_limit": { "references": [ "var.id_length_limit" ] }, "label_order": { "references": [ "var.label_order" ] }, "name": { "references": [ "var.name" ] }, "namespace": { "references": [ "var.namespace" ] }, "regex_replace_chars": { "references": [ "var.regex_replace_chars" ] }, "stage": { "references": [ "var.stage" ] }, "tags": { "references": [ "var.tags" ] } }, "module": { "outputs": { "additional_tag_map": { "expression": { "references": [ "local.additional_tag_map" ] }, "description": "The merged additional_tag_map" }, "attributes": { "expression": { "references": [ "local.enabled", "local.attributes" ] }, "description": "List of attributes" }, "context": { "expression": { "references": [ "local.input" ] }, "description": "Merged but otherwise unmodified input to this module, to be used as context input to other modules.\nNote: this version will have null values as defaults, not the values actually used as defaults.\n" }, "delimiter": { "expression": { "references": [ "local.enabled", "local.delimiter" ] }, "description": "Delimiter between `namespace`, `environment`, `stage`, `name` and `attributes`" }, "enabled": { "expression": { "references": [ "local.enabled" ] }, "description": "True if module is enabled, false otherwise" }, "environment": { "expression": { "references": [ "local.enabled", "local.environment" ] }, "description": "Normalized environment" }, "id": { "expression": { "references": [ "local.enabled", "local.id" ] }, "description": "Disambiguated ID restricted to `id_length_limit` characters in total" }, "id_full": { "expression": { "references": [ "local.enabled", "local.id_full" ] }, "description": "Disambiguated ID not restricted in length" }, "id_length_limit": { "expression": { "references": [ "local.id_length_limit" ] }, "description": "The id_length_limit actually used to create the ID, with `0` meaning unlimited" }, "label_order": { "expression": { "references": [ "local.label_order" ] }, "description": "The naming order actually used to create the ID" }, "name": { "expression": { "references": [ "local.enabled", "local.name" ] }, "description": "Normalized name" }, "namespace": { "expression": { "references": [ "local.enabled", "local.namespace" ] }, "description": "Normalized namespace" }, "normalized_context": { "expression": { "references": [ "local.output_context" ] }, "description": "Normalized context of this module" }, "regex_replace_chars": { "expression": { "references": [ "local.regex_replace_chars" ] }, "description": "The regex_replace_chars actually used to create the ID" }, "stage": { "expression": { "references": [ "local.enabled", "local.stage" ] }, "description": "Normalized stage" }, "tags": { "expression": { "references": [ "local.enabled", "local.tags" ] }, "description": "Normalized Tag map" }, "tags_as_list_of_maps": { "expression": { "references": [ "local.tags_as_list_of_maps" ] }, "description": "Additional tags as a list of maps, which can be used in several AWS resources" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } }, "version_constraint": "0.22.1" } }, "variables": { "additional_tag_map": { "default": {}, "description": "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." }, "applications": { "default": [] }, "attributes": { "default": [], "description": "Additional attributes (e.g. `1`)" }, "context": { "default": { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }, "description": "Single object for setting entire context at once.\nSee description of individual variables for details.\nLeave string and numeric variables as `null` to use default value.\nIndividual variable settings (non-null) override settings in context object,\nexcept for attributes, tags, and additional_tag_map, which are merged.\n" }, "delimiter": { "default": null, "description": "Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.\nDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all.\n" }, "enable_log_file_validation": { "description": "Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs" }, "enable_logging": { "description": "Enable logging for the trail" }, "enabled": { "default": null, "description": "Set to false to prevent the module from creating any resources" }, "environment": { "default": null, "description": "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" }, "id_length_limit": { "default": null, "description": "Limit `id` to this many characters.\nSet to `0` for unlimited length.\nSet to `null` for default, which is `0`.\nDoes not affect `id_full`.\n" }, "include_global_service_events": { "description": "Specifies whether the trail is publishing events from global services such as IAM to the log files" }, "is_multi_region_trail": { "description": "Specifies whether the trail is created in the current region or in all regions" }, "is_organization_trail": { "description": "The trail is an AWS Organizations trail" }, "label_order": { "default": null, "description": "The naming order of the id output and Name tag.\nDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\nYou can omit any of the 5 elements, but at least one must be present.\n" }, "name": { "default": null, "description": "Solution name, e.g. 'app' or 'jenkins'" }, "namespace": { "default": null, "description": "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" }, "regex_replace_chars": { "default": null, "description": "Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.\nIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits.\n" }, "region": { "description": "AWS region" }, "stage": { "default": null, "description": "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" }, "tags": { "default": {}, "description": "Additional tags (e.g. `map('BusinessUnit','XYZ')`" } } } } }