diff --git a/README.md b/README.md index 4b27b1b..1c19349 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). ## Introduction -THis module deploys a basic *Cloudtrail* set-up, with kms key and *S3* log bucket. +THis module deploys a basic *Cloudtrail* set-up, with kms key and *S3* log bucket and sets up a table for Athena with AWS Glue. ## Usage diff --git a/aws_glue_catalog_table.cloudtrail.tf b/aws_glue_catalog_table.cloudtrail.tf new file mode 100644 index 0000000..fa00a02 --- /dev/null +++ b/aws_glue_catalog_table.cloudtrail.tf 
@@ -0,0 +1,133 @@
+
+resource "aws_glue_catalog_table" "cloudtrail" {
+ name = "cloudtrail_logs_trails_${data.aws_caller_identity.current.account_id}_prefix"
+ database_name = "default"
+ owner = "hadoop"
+ parameters = {
+ "EXTERNAL" = "TRUE"
+ "classification" = "cloudtrail"
+ "comment" = "CloudTrail table for ${local.trails_bucket} bucket"
+ "transient_lastDdlTime" = "1595852255"
+ }
+
+ table_type = "EXTERNAL_TABLE"
+ storage_descriptor {
+ bucket_columns = []
+ compressed = false
+ input_format = "com.amazon.emr.cloudtrail.CloudTrailInputFormat"
+ location = "s3://${local.trails_bucket}/prefix/AWSLogs/${data.aws_caller_identity.current.account_id}/CloudTrail"
+ number_of_buckets = -1
+ output_format = "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat"
+ parameters = {}
+ stored_as_sub_directories = false
+
+ columns {
+ name = "eventversion"
+ type = "string"
+ }
+ columns {
+ name = "useridentity"
+ type = "struct,sessionIssuer:struct>>"
+ }
+ columns {
+ name = "eventtime"
+ type = "string"
+ }
+ columns {
+ name = "eventsource"
+ type = "string"
+ }
+ columns {
+ name = "eventname"
+ type = "string"
+ }
+ columns {
+ name = "awsregion"
+ type = "string"
+ }
+ columns {
+ name = "sourceipaddress"
+ type = "string"
+ }
+ columns {
+ name = "useragent"
+ type = "string"
+ }
+ columns {
+ name = "errorcode"
+ type = "string"
+ }
+ columns {
+ name = "errormessage"
+ type = "string"
+ }
+ columns {
+ name = "requestparameters"
+ type = "string"
+ }
+ columns {
+ name = "responseelements"
+ type = "string"
+ }
+ columns {
+ name = "additionaleventdata"
+ type = "string"
+ }
+ columns {
+ name = "requestid"
+ type = "string"
+ }
+ columns {
+ name = "eventid"
+ type = "string"
+ }
+ columns {
+ name = "resources"
+ type = "array>"
+ }
+ columns {
+ name = "eventtype"
+ type = "string"
+ }
+ columns {
+ name = "apiversion"
+ type = "string"
+ }
+ columns {
+ name = "readonly"
+ type = "string"
+ }
+ columns {
+ name = "recipientaccountid"
+ type = "string"
+ }
+ columns {
+ name = "serviceeventdetails"
+ type = "string"
+ }
+ columns {
+ name = "sharedeventid"
+ type = "string"
+ }
+ columns {
+ name = "vpcendpointid"
+ type = "string"
+ }
+
+ ser_de_info {
+ parameters = {
+ "serialization.format" = "1"
+ }
+ serialization_library = "com.amazon.emr.hive.serde.CloudTrailSerde"
+ }
+
+ skewed_info {
+ skewed_column_names = []
+ skewed_column_value_location_maps = {}
+ skewed_column_values = []
+ }
+ }
+}
+
+
+#terraform import module.cloudtrail.aws_glue_catalog_table.cloudtrail 680235478471:default:cloudtrail_logs_trails_680235478471_prefix
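Review bot: The `location` and the table `name` hard-code the literal `prefix`, so the table only returns events if the trail writes under exactly `s3://<bucket>/prefix/AWSLogs/<account_id>/CloudTrail`; a mismatch produces an empty table with no error, which tends to go unnoticed until the logs are needed for an investigation. The trail's own key prefix is not visible in this diff, so I would feed both from one shared local instead of repeating the string. As shown here the `useridentity` and `resources` types (`struct,sessionIssuer:struct>>` and `array>`) are not valid Hive types; that may be a rendering artifact of this page, but it is worth confirming that the committed file carries the full field lists. The trailing import comment embeds a concrete account id, which I would replace with a placeholder such as `#terraform import module.cloudtrail.aws_glue_catalog_table.cloudtrail <account_id>:default:<table_name>`. The fixed `"transient_lastDdlTime"` value looks like a leftover from imported state and could probably be dropped.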