Enhance security posture and ensure compliance for infrastructure

## Why
Our current [infrastructure templates](https://github.com/nimblehq/infrastructure-templates) lack comprehensive logging and monitoring capabilities, which are essential for maintaining a secure and auditable environment. This absence of critical visibility presents significant risks, as it severely hinders our ability to track user activities, detect unauthorized access, and effectively analyze network traffic.

- Lack audit logging for activity actions: The template does not provide a module to track API calls and user actions within our AWS accounts. This leaves us without a clear audit trail of who is making changes to resources (e.g., deleting S3 buckets or terminating EC2 instances). Without this visibility, we cannot effectively detect unauthorized access, investigate malicious activity, or meet crucial security and compliance audit requirements.
- Lack of network visibility: The template does not include a module to track network ingress and egress traffic within the VPC. Without the visibility of network flows, it poses challenges for troubleshooting, security analysis, and the proactive detection of anomalous or unauthorized network connections, which are critical for operational monitoring.

From Security Hub Foundations Benchmark: 

- https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-6
- https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html

## Acceptance Criteria

- [ ]  Create a module for VPC Flow Logs to enhance network visibility.
- [ ]  Create a module for CloudTrail to manage audit logs.
- [ ]  Create a module for Action Alerts, such as when someone deletes our VPC or performs a spam login in the AWS account.

<img width="200" height="347" alt="Image" src="https://github.com/user-attachments/assets/567bb97f-bbdc-45b3-9f17-7e4122107e13" />


## Resources

- https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
- [Terraform VPC flow logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log)
- [Terraform CloudTrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail)


## Who Benefits?

**Developer:** Enhanced ability for **troubleshooting** and **security analysis** through network visibility (**VPC Flow Logs**). Clear audit trail for changes, improving **operational monitoring**.

**Security/Compliance:** Meeting **audit requirements** and Security Hub controls. Ability to **detect unauthorized access** and investigate malicious activity using **CloudTrail** and **Action Alerts**.

**Client:** Mitigation of **security risks** and assurance of an **auditable environment**. Improved **accountability** and protection of resources.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance security posture and ensure compliance for infrastructure #316

Why

Acceptance Criteria

Resources

Who Benefits?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Enhance security posture and ensure compliance for infrastructure #316

Description

Why

Acceptance Criteria

Resources

Who Benefits?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions