
terraform-aws-cloudwatch-alarms

GitHub: StratusGrid/terraform-aws-cloudwatch-alarms

This module will create multiple rules to cover the security alarms of a Well Architected Review.

Examples

```hcl
# This example skips the kms_key_id variable as it defaults to the key provided by Data
module "terraform-aws-cloudwatch-alarms" {
  source  = "StratusGrid/cloudwatch-alarms/aws"
  version = "<insert relevant version>"

  # name_prefix is a required input (see Inputs)
  name_prefix    = var.name_prefix
  log_group_name = "${var.name_prefix}-name-to-use${local.name_suffix}"
  input_tags     = merge(local.common_tags, {})
}
```

```hcl
# This example specifies a key to be used.
module "terraform-aws-cloudwatch-alarms" {
  source  = "StratusGrid/cloudwatch-alarms/aws"
  version = "<insert relevant version>"

  # name_prefix is a required input (see Inputs)
  name_prefix    = var.name_prefix
  log_group_name = "${var.name_prefix}-name-to-use${local.name_suffix}"
  create_kms_key = false
  kms_key_id     = "arn:aws:kms:region:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
  input_tags     = merge(local.common_tags, {})
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 3.75 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_metric_filter.aws_authorization_failures | resource |
| aws_cloudwatch_log_metric_filter.aws_cloudtrail_changes | resource |
| aws_cloudwatch_log_metric_filter.aws_cmk_changes | resource |
| aws_cloudwatch_log_metric_filter.aws_console_sign_in_failures | resource |
| aws_cloudwatch_log_metric_filter.console_sign_in_without_mfa | resource |
| aws_cloudwatch_log_metric_filter.ec2_instance_status_changes | resource |
| aws_cloudwatch_log_metric_filter.iam_auth_config_changes | resource |
| aws_cloudwatch_log_metric_filter.launch_ec2_large_instances | resource |
| aws_cloudwatch_log_metric_filter.organizations_changes | resource |
| aws_cloudwatch_log_metric_filter.root_account_usage | resource |
| aws_cloudwatch_log_metric_filter.route_table_config_changes | resource |
| aws_cloudwatch_log_metric_filter.s3_bucket_config_changes | resource |
| aws_cloudwatch_log_metric_filter.security_group_config_changes | resource |
| aws_cloudwatch_log_metric_filter.vpc_gateway_config_changes | resource |
| aws_cloudwatch_log_metric_filter.vpc_network_config_changes | resource |
| aws_cloudwatch_metric_alarm.aws_authorization_failures | resource |
| aws_cloudwatch_metric_alarm.aws_cloudtrail_changes | resource |
| aws_cloudwatch_metric_alarm.aws_cmk_changes | resource |
| aws_cloudwatch_metric_alarm.aws_console_sign_in_failures | resource |
| aws_cloudwatch_metric_alarm.console_sign_in_without_mfa | resource |
| aws_cloudwatch_metric_alarm.ec2_instance_status_changes | resource |
| aws_cloudwatch_metric_alarm.iam_auth_config_changes | resource |
| aws_cloudwatch_metric_alarm.launch_ec2_large_instances | resource |
| aws_cloudwatch_metric_alarm.organizations_changes | resource |
| aws_cloudwatch_metric_alarm.root_account_usage | resource |
| aws_cloudwatch_metric_alarm.route_table_config_changes | resource |
| aws_cloudwatch_metric_alarm.s3_bucket_config_changes | resource |
| aws_cloudwatch_metric_alarm.security_group_config_changes | resource |
| aws_cloudwatch_metric_alarm.vpc_gateway_config_changes | resource |
| aws_cloudwatch_metric_alarm.vpc_network_config_changes | resource |
| aws_kms_alias.this | resource |
| aws_kms_key.this | resource |
| aws_sns_topic.this | resource |
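
Each metric filter listed above has an alarm of the same name. The following is an added illustration, not the module's own source, of what one such pair (root_account_usage) can look like when wired to an SNS topic. The filter pattern is the one published in the CIS AWS Foundations Benchmark; the resource names, metric namespace, period and threshold are assumptions.

```hcl
# Added illustration; names, namespace and thresholds are assumptions,
# not values taken from the StratusGrid module.
variable "log_group_name" {
  type        = string
  description = "CloudWatch Log Group that receives the CloudTrail events"
}

# Stand-in for the module's aws_sns_topic.this
resource "aws_sns_topic" "security_alarms" {
  name = "example-security-alarms"
}

# Turns matching CloudTrail records into a custom metric data point.
resource "aws_cloudwatch_log_metric_filter" "root_account_usage" {
  name           = "example-root-account-usage"
  log_group_name = var.log_group_name

  # Root identity, acting directly (not invoked by an AWS service),
  # excluding service-generated events.
  pattern = "{ $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }"

  metric_transformation {
    name      = "RootAccountUsage"
    namespace = "ExampleSecurityMetrics"
    value     = "1"
  }
}

# Fires on the first match in a 5-minute window and notifies the topic.
resource "aws_cloudwatch_metric_alarm" "root_account_usage" {
  alarm_name          = "example-root-account-usage"
  alarm_description   = "Root account credentials were used"
  namespace           = "ExampleSecurityMetrics"
  metric_name         = aws_cloudwatch_log_metric_filter.root_account_usage.metric_transformation[0].name
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  threshold           = 1

  # A metric filter emits no data points when nothing matches, so
  # missing data has to count as healthy rather than as insufficient data.
  treat_missing_data = "notBreaching"
  alarm_actions      = [aws_sns_topic.security_alarms.arn]
}
```

The filter only sees events if CloudTrail is already delivering to the log group named in `log_group_name`; without that delivery the alarm stays silent.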

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| create_kms_key | Boolean to define if KMS key should be created or not | bool | true | no |
| input_tags | Map of tags to apply to resources | map(string) | {"ModuleDeveloper": "StratusGrid", "Provisioner": "Terraform"} | no |
| kms_key_id | ID of the key to be used by Cloud Trail to encrypt the logs | string | "" | no |
| log_group_name | Name of the CloudWatch Log Group where the events are being recorded | string | n/a | yes |
| name_prefix | Name to prepend to all resource names within module | string | n/a | yes |
| name_suffix | Name to append to all resource names within module | string | "" | no |

Outputs

No outputs.


Note, manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run terraform-docs -c .config/.terraform-docs.yml
