alicloud_log_audit

SLS log audit exists in the form of log service app.

In addition to inheriting all SLS functions, it also enhances the real-time automatic centralized collection of audit related logs across multi cloud products under multi accounts, and provides support for storage, query and information summary required by audit. It covers actiontrail, OSS, NAS, SLB, API gateway, RDS, WAF, cloud firewall, cloud security center and other products.

Example Usage

Basic Usage

data "alicloud_account" "default" {}
resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-example"
  aliuid       = data.alicloud_account.default.id
  variable_map = {
    "actiontrail_enabled"             = "true",
    "actiontrail_ttl"                 = "180",
    "oss_access_enabled"              = "true",
    "oss_access_ttl"                  = "7",
    "oss_sync_enabled"                = "true",
    "oss_sync_ttl"                    = "180",
    "oss_metering_enabled"            = "true",
    "oss_metering_ttl"                = "180",
    "rds_enabled"                     = "true",
    "rds_audit_collection_policy"     = "",
    "rds_ttl"                         = "180",
    "rds_slow_enabled"                = "false",
    "rds_slow_collection_policy"      = "",
    "rds_slow_ttl"                    = "180",
    "rds_perf_enabled"                = "false",
    "rds_perf_collection_policy"      = "",
    "rds_perf_ttl"                    = "180",
    "vpc_flow_enabled"                = "false",
    "vpc_flow_ttl"                    = "7",
    "vpc_flow_collection_policy"      = "",
    "vpc_sync_enabled"                = "true",
    "vpc_sync_ttl"                    = "180",
    "polardb_enabled"                 = "true",
    "polardb_audit_collection_policy" = "",
    "polardb_ttl"                     = "180",
    "polardb_slow_enabled"            = "false",
    "polardb_slow_collection_policy"  = "",
    "polardb_slow_ttl"                = "180",
    "polardb_perf_enabled"            = "false",
    "polardb_perf_collection_policy"  = "",
    "polardb_perf_ttl"                = "180",
    "drds_audit_enabled"              = "true",
    "drds_audit_collection_policy"    = "",
    "drds_audit_ttl"                  = "7",
    "drds_sync_enabled"               = "true",
    "drds_sync_ttl"                   = "180",
    "slb_access_enabled"              = "true",
    "slb_access_collection_policy"    = "",
    "slb_access_ttl"                  = "7",
    "slb_sync_enabled"                = "true",
    "slb_sync_ttl"                    = "180",
    "bastion_enabled"                 = "true",
    "bastion_ttl"                     = "180",
    "waf_enabled"                     = "true",
    "waf_ttl"                         = "180",
    "cloudfirewall_enabled"           = "true",
    "cloudfirewall_ttl"               = "180",
    "ddos_coo_access_enabled"         = "false",
    "ddos_coo_access_ttl"             = "180",
    "ddos_bgp_access_enabled"         = "false",
    "ddos_bgp_access_ttl"             = "180",
    "ddos_dip_access_enabled"         = "false",
    "ddos_dip_access_ttl"             = "180",
    "sas_crack_enabled"               = "true",
    "sas_dns_enabled"                 = "true",
    "sas_http_enabled"                = "true",
    "sas_local_dns_enabled"           = "true",
    "sas_login_enabled"               = "true",
    "sas_network_enabled"             = "true",
    "sas_process_enabled"             = "true",
    "sas_security_alert_enabled"      = "true",
    "sas_security_hc_enabled"         = "true",
    "sas_security_vul_enabled"        = "true",
    "sas_session_enabled"             = "true",
    "sas_snapshot_account_enabled"    = "true",
    "sas_snapshot_port_enabled"       = "true",
    "sas_snapshot_process_enabled"    = "true",
    "sas_ttl"                         = "180",
    "apigateway_enabled"              = "true",
    "apigateway_ttl"                  = "180",
    "nas_enabled"                     = "true",
    "nas_ttl"                         = "180",
    "appconnect_enabled"              = "false",
    "appconnect_ttl"                  = "180",
    "cps_enabled"                     = "true",
    "cps_ttl"                         = "180",
    "k8s_audit_enabled"               = "true",
    "k8s_audit_collection_policy"     = "",
    "k8s_audit_ttl"                   = "180",
    "k8s_event_enabled"               = "true",
    "k8s_event_collection_policy"     = "",
    "k8s_event_ttl"                   = "180",
    "k8s_ingress_enabled"             = "true",
    "k8s_ingress_collection_policy"   = "",
    "k8s_ingress_ttl"                 = "180"
  }
}

Multiple accounts Usage

data "alicloud_account" "default" {}

resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-example"
  aliuid       = data.alicloud_account.default.id
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl"     = "180",
    "oss_access_enabled"  = "true",
    "oss_access_ttl"      = "180",
  }
  multi_account = ["123456789123", "12345678912300123"]
}

Resource Directory Usage

data "alicloud_account" "default" {}

resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-example"
  aliuid       = data.alicloud_account.default.id
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl"     = "180",
    "oss_access_enabled"  = "true",
    "oss_access_ttl"      = "180",
  }
  resource_directory_type = "all"
}
data "alicloud_account" "default" {}

resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-example"
  aliuid       = data.alicloud_account.default.id
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl"     = "180",
    "oss_access_enabled"  = "true",
    "oss_access_ttl"      = "180",
  }
  multi_account           = [] //Put your member accounts here, separated by ","
  resource_directory_type = "custom"
}

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:

Import

Log audit can be imported using the id, e.g.

$ terraform import alicloud_log_audit.example tf-audit-example