Add audit-cloudtrail (#11)

* Add `cloudtrail-audit`

* Rename to `audit-cloudtrail`

Author: aknysh

README.md

@@ -11,7 +11,7 @@ This is a collection of reusable root modules for CloudPosse AWS accounts.
 Use the `terraform-root-modules` Docker image as the base image in the application `Dockerfile`, and copy the modules from `/aws` folder into `/conf` folder
 
 ```dockerfile
-FROM cloudposse/terraform-root-modules:0.2.2 as terraform-root-modules
+FROM cloudposse/terraform-root-modules:0.3.1 as terraform-root-modules
 
 FROM cloudposse/geodesic:0.9.18
 

aws/audit-cloudtrail/main.tf

@@ -0,0 +1,68 @@
+terraform {
+  required_version = ">= 0.11.2"
+
+  backend "s3" {}
+}
+
+variable "aws_assume_role_arn" {
+  type = "string"
+}
+
+provider "aws" {
+  assume_role {
+    role_arn = "${var.aws_assume_role_arn}"
+  }
+}
+
+variable "namespace" {
+  type        = "string"
+  description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `audit`)"
+  default     = "audit"
+}
+
+variable "name" {
+  type        = "string"
+  description = "Name (e.g. `account`)"
+  default     = "account"
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region"
+}
+
+module "cloudtrail" {
+  source                        = "git::https://github.com/cloudposse/terraform-aws-cloudtrail.git?ref=tags/0.3.0"
+  namespace                     = "${var.namespace}"
+  stage                         = "${var.stage}"
+  name                          = "${var.name}"
+  enable_logging                = "true"
+  enable_log_file_validation    = "true"
+  include_global_service_events = "true"
+  is_multi_region_trail         = "true"
+  s3_bucket_name                = "${module.cloudtrail_s3_bucket.bucket_id}"
+}
+
+module "cloudtrail_s3_bucket" {
+  namespace = "${var.namespace}"
+  stage     = "${var.stage}"
+  name      = "${var.name}"
+  region    = "${var.region}"
+}
+
+output "cloudtrail_bucket_domain_name" {
+  value = "${module.cloudtrail_s3_bucket.bucket_domain_name}"
+}
+
+output "cloudtrail_bucket_id" {
+  value = "${module.cloudtrail_s3_bucket.bucket_id}"
+}
+
+output "cloudtrail_bucket_arn" {
+  value = "${module.cloudtrail_s3_bucket.bucket_arn}"
+}

aws/audit-cloudtrail/terraform.tfvars.example

@@ -0,0 +1,4 @@
+namespace="cp"
+stage="audit"
+name="account"
+region="us-west-2"

aws/cloudtrail/main.tf

@@ -4,7 +4,9 @@ terraform {
   backend "s3" {}
 }
 
-variable "aws_assume_role_arn" {}
+variable "aws_assume_role_arn" {
+  type = "string"
+}
 
 provider "aws" {
   assume_role {
@@ -24,28 +26,10 @@ variable "stage" {
 
 variable "name" {
   type        = "string"
-  description = "Application or solution name (e.g. `app`)"
+  description = "Name (e.g. `account`)"
   default     = "account"
 }
 
-variable "delimiter" {
-  type        = "string"
-  default     = "-"
-  description = "Delimiter to be used between `namespace`, `stage`, `name` and `attributes`"
-}
-
-variable "attributes" {
-  type        = "list"
-  default     = []
-  description = "Additional attributes (e.g. `1`)"
-}
-
-variable "tags" {
-  type        = "map"
-  default     = {}
-  description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)"
-}
-
 module "cloudtrail" {
   source                        = "git::https://github.com/cloudposse/terraform-aws-cloudtrail.git?ref=tags/0.3.0"
   namespace                     = "${var.namespace}"

aws/cloudtrail/terraform.tfvars.example

@@ -1,2 +1,3 @@
 namespace="cp"
 stage="staging"
+name="account"