Skip to content
/ terraform-alerts-s3-getobject Public

Terraform code to configure cloudtrail to monitor S3 actions and pipe logs to cloudwatch. Cloudwatch metric filter will trigger lambda to send alerts to slack

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xinweiiiii/terraform-alerts-s3-getobject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
images
images
 
 
modules
modules
 
 
README.md
README.md
 
 
config.tf
config.tf
 
 
dev.tfvars
dev.tfvars
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

terraform-alerts-s3-getobject

Terraform code to configure cloudtrail to monitor S3 actions and pipe logs to cloudwatch. Cloudwatch metric filter will trigger lambda to send alerts to slack

This terraform source code will provision a new cloudtrail trail - the trail will send S3 bucket data events to a logging S3 bucket and Cloudwatch log group. Create a lambda function that is trigger by cloudwatch events with metric filter configured - the lambda function will trigger a notification alert to Slack to indicate s3:GetObject action by unauthorized users/roles.

Architecture

architecture

Setup

  1. Configure your AWS CLI to run terraform
  2. Fill in the variables value in dev.tfvars
  3. Run terraform apply -var-file=dev.tfvars

Conclusion

You can read up more on the implementation over here - https://medium.com/@xinweiiiii/monitor-aws-s3-getobject-events-and-send-notification-to-slack-using-cloudtrail-lambda-89a8cb1122e9

About

Terraform code to configure cloudtrail to monitor S3 actions and pipe logs to cloudwatch. Cloudwatch metric filter will trigger lambda to send alerts to slack

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages