From b9102f6d4cf3972aa545a791ce0aab0ac7253726 Mon Sep 17 00:00:00 2001 From: etcwoo Date: Sat, 24 Jun 2023 14:46:45 +0900 Subject: [PATCH] Update example for AdvancedEventSelector - Added set CloudTrail management logs --- examples/AdvancedEventSelector/main.tf | 28 +++++++++------------- examples/AdvancedEventSelector/versions.tf | 2 +- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/examples/AdvancedEventSelector/main.tf b/examples/AdvancedEventSelector/main.tf index 772c27d..04c1918 100644 --- a/examples/AdvancedEventSelector/main.tf +++ b/examples/AdvancedEventSelector/main.tf @@ -8,7 +8,7 @@ module "cloudtrail" { source = "../..//" name = "CloudTrail01" - s3_bucket_name = "cloudtrail-logs-123456789012" + s3_bucket_name = "aws-cloudtrail-logs-362252864672-5f4dec40" enable_logging = true insight_selector = { ApiCallRateInsight : true @@ -16,34 +16,28 @@ module "cloudtrail" { } advanced_event_selector = [ { - name = "Advanced Event Selector 01" - + name = "Advanced Event Selector" field_selector = [ { - field = "resources.type" - equals = ["AWS::GuardDuty::Detector"] + field = "eventCategory" + equals = ["Management"] }, { - field = "eventCategory" - equals = ["Data"] + field = "eventSource" + not_equals = ["kms.amazonaws.com", "rdsdata.amazonaws.com"] } ] }, { - name = "Advanced Event Selector 02" - + name = "Advanced Event Selector" field_selector = [ - { - field = "resources.type" - equals = ["AWS::S3::Object"] - }, - { - field = "readOnly" - equals = ["true"] - }, { field = "eventCategory" equals = ["Data"] + }, + { + field = "resources.type" + equals = ["AWS::S3::Object"] } ] }, diff --git a/examples/AdvancedEventSelector/versions.tf b/examples/AdvancedEventSelector/versions.tf index 02da698..1b095b7 100644 --- a/examples/AdvancedEventSelector/versions.tf +++ b/examples/AdvancedEventSelector/versions.tf 
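Review bot: The new `s3_bucket_name` value in the first main.tf hunk, `aws-cloudtrail-logs-362252864672-5f4dec40`, looks like a console-generated bucket name that embeds a real 12-digit account ID, whereas the value it replaces was an obvious placeholder. A published example should not carry an author's account identifier. Anyone who applies the example unchanged will also point their trail at a bucket they do not own, so delivery fails on the bucket policy or, worse, depends on someone else's policy. I would keep a placeholder and say so: `s3_bucket_name = "cloudtrail-logs-123456789012" # placeholder: replace with your own log bucket`. The `module "cloudtrail"` block starts and ends outside this hunk.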
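Review bot: The management selector added in the second main.tf hunk filters out every event whose `eventSource` is `kms.amazonaws.com` or `rdsdata.amazonaws.com`, and the example gives no reason for it. Excluding KMS is a common way to cut high-volume Encrypt/Decrypt/GenerateDataKey traffic, but the same filter also drops low-volume key-administration calls such as DisableKey and ScheduleKeyDeletion, which key-tampering detections rely on. I would add a comment above the `not_equals` line, for example `# Cost trade-off: drops ALL KMS and RDS Data API management events, including key-administration calls; remove this selector field if you alert on them`. Both selectors are also now named `"Advanced Event Selector"`; distinct names such as `name = "Management events (excl. KMS, RDS Data API)"` and `name = "S3 object data events"` would keep them distinguishable in the trail configuration. The `advanced_event_selector` list continues past the end of the hunk.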
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.51.0"
+ version = ">= 5.4.0"
 }
 }
 }
\ No newline at end of file