2118 au 05 audit process migrate logs to s3 buckets (#2197)

* Add logstream wildcard to cloudwatch group arn * Refactor cloudtrail to deliver logs to separate buckets for prod and staging
cisagov · Aug 25, 2023 · c15096b · c15096b
1 parent 3380a25
commit c15096b
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/infrastructure/cloudtrail.tf b/infrastructure/cloudtrail.tf
@@ -1,6 +1,6 @@
 
-resource "aws_cloudwatch_log_group" "all" {
-  name              = var.logging_bucket_name
+resource "aws_cloudwatch_log_group" "cloudtrail" {
+  name              = "crossfeed-${var.stage}-cloudtrail-logs"
   retention_in_days = 3653
   kms_key_id        = aws_kms_key.key.arn
   tags = {
@@ -13,7 +13,7 @@ resource "aws_cloudtrail" "all-events" {
   name                       = "all-events"
   s3_bucket_name             = var.logging_bucket_name
   cloud_watch_logs_role_arn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.logging_bucket_name}-cloudtrail-role"
-  cloud_watch_logs_group_arn = aws_cloudwatch_log_group.all.arn
+  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.cloudtrail.arn}:*"
   tags = {
     Project = var.project
     Stage   = var.stage