✨ Add Audit Log Streaming Infrastructure for GitHub

ministryofjustice · Jan 15, 2025 · 6eb5739 · 6eb5739
1 parent 740ce6e
commit 6eb5739
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/terraform/environments/operations-engineering/audit_log_streaming_github.tf b/terraform/environments/operations-engineering/audit_log_streaming_github.tf
@@ -0,0 +1,28 @@
+module "github-cloudtrail-auditlog" {
+  source                          = "github.com/ministryofjustice/operations-engineering-cloudtrail-lake-github-audit-log-terraform-module?ref=main"
+  create_github_auditlog_s3bucket = true
+  github_auditlog_s3bucket        = "github-audit-log-landing"
+  cloudtrail_lake_channel_arn     = aws_cloudtrail_channel.github_channel.arn
+  github_audit_allow_list         = ".*"
+}
+
+resource "aws_cloudtrail_event_data_store" "github_audit_logs" {
+  name                           = "github-audit-logs-store"
+  retention_period               = 90
+  termination_protection_enabled = true
+
+  advanced_event_selector {
+    name = "GitHubAuditLogs"
+    field_selector {
+      field  = "eventSource"
+      equals = ["GitHub"]
+    }
+  }
+}
+
+resource "aws_cloudtrail_channel" "github_channel" {
+  name                    = "github-audit-log-channel"
+  source                  = "Github"
+  destinations            = [aws_cloudtrail_event_data_store.github_audit_logs.arn]
+  advanced_event_selector = aws_cloudtrail_event_data_store.github_audit_logs.advanced_event_selector
+}