Terraform module to provision an CloudTrail with a custom notification.
- When you get an alarm, you want enough information to decide whether it needs immediate attention or not. You also want to customize the notification message to operational needs. The CloudWatch Logs Customize Alarms is a Lambda function that helps in reading the logs from CloudWatch Logs during an alarm and send a customized email through SNS.
- CloudWatch log group Logs has a Log group with a metric filter.
- CloudWatch Alarm is created to trigger when that metric exceeds a threshold.
- SNS subscription topic responsible to send the custom notification.
- The Lambda function is triggered on a EventBridge event.
- You need to provide the SNS topic.
This example:.
locals {
log_group_name = "LogGroupName"
sns_topic_arn = "arn:aws:sns:us-east-2:444455556666:MyTopic"
cloud_watch_log_group_arn = "arn:aws:logs:us-east-2:444455556666:MyLog"
}
module "cloudtrail_custom_alarms" {
enabled ? 1 : 0
cloudtrail_log_group_name = local.log_group_name
aws_sns_topic_arn = local.sns_topic_arn
lambda_timeout = 5
cloudwatch_log_cloudtrail_arn = local.cloud_watch_log_group_arn
}
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | = 3.74.1 |
| Name | Type |
|---|---|
| aws_lambda_function.lambda | resource |
| aws_lambda_permission.default | resource |
| aws_cloudwatch_log_group.alarm_lambda | resource |
| aws_iam_role.iam_for_lambda | resource |
| aws_iam_policy.lambda_cw | resource |
| aws_iam_role_policy_attachment.lambda_cw | resource |
| aws_cloudwatch_event_rule.alarm_notification | resource |
| aws_cloudwatch_event_target.lambda_target | resource |
| aws_iam_policy_document.lambda_assume_role | data source |
| aws_caller_identity.current | data source |
| archive_file.lambda_zip | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| lambda_name | The name for the lambda resource for the custom message. | string |
lambda_alarm_notification |
no |
| cloudtrail_log_group_name | The name of the loggroup that has all Cloudtrail Logs that will be used to get information to create custom message. | string |
n/a | yes |
| aws_sns_topic_arn | The ARN of SNS Topic that will be responsible to send notification | string |
n/a | yes |
| lambda_timeout | Set lambda Timeout. | number |
3 | no |
| cloudwatch_log_cloudtrail_arn | Cloudwatch Loggroup ARN | string |
n/a | yes |
| tags | A map of tags to add to all resources. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| lambda_arn | The Lambda ARN. |
Apache 2 Licensed. See LICENSE for full details.