cloudtrail: Initial integration tests (#61919)
parent
40660e7f6e
commit
0239f70648
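--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,2 @@
+cloud/aws
+unsupported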
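--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,7 @@
+cloudtrail_name: '{{ resource_prefix }}-cloudtrail'
+s3_bucket_name: '{{ resource_prefix }}-cloudtrail-bucket'
+kms_alias: '{{ resource_prefix }}-cloudtrail'
+sns_topic: '{{ resource_prefix }}-cloudtrail-notifications'
+cloudtrail_prefix: 'test-prefix'
+cloudwatch_log_group: '{{ resource_prefix }}-cloudtrail'
+cloudwatch_role: '{{ resource_prefix }}-cloudtrail'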
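--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,13 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "AssumeFromCloudTrails",
+"Effect": "Allow",
+"Principal": {
+"Service": "cloudtrail.amazonaws.com"
+},
+"Action": "sts:AssumeRole"
+}
+]
+}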
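Review bot: The `AssumeFromCloudTrails` trust statement has no `Condition`, so any CloudTrail trail in any AWS account can assume this role, not only the trail the test creates; the usual scoping for a service principal is `"Condition": {"StringEquals": {"aws:SourceArn": "arn:aws:cloudtrail:{{ aws_region }}:{{ aws_caller_info.account }}:trail/{{ cloudtrail_name }}"}}` (or at least `aws:SourceAccount`), which closes the confused-deputy case. The same unscoped `cloudtrail.amazonaws.com` principal appears in the `CloudTrailCheckAcl`/`CloudTrailWriteLogs` statements of the bucket policy and in `CloudTrailSNSPolicy` of the topic policy below; the KMS policy is the only one that already narrows the caller, via `kms:EncryptionContext:aws:cloudtrail:arn`. For a short-lived test fixture this may be a deliberate simplification, but since these documents are what the integration test exercises, either add the condition or note in the consuming task why it is left out.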
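--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,17 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "CloudTrail2CloudWatch",
+"Effect": "Allow",
+"Action": [
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+],
+"Resource": [
+"arn:aws:logs:{{ aws_region }}:{{ aws_caller_info.account }}:log-group:{{ cloudwatch_log_group }}:log-stream:*",
+"arn:aws:logs:{{ aws_region }}:{{ aws_caller_info.account }}:log-group:{{ cloudwatch_log_group }}-2:log-stream:*"
+]
+}
+]
+}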
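--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,34 @@
+{
+"Version": "2012-10-17",
+"Id": "CloudTrailPolicy",
+"Statement": [
+{
+"Sid": "EncryptLogs",
+"Effect": "Allow",
+"Principal": { "Service": "cloudtrail.amazonaws.com" },
+"Action": "kms:GenerateDataKey*",
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"kms:EncryptionContext:aws:cloudtrail:arn": [
+"arn:aws:cloudtrail:*:{{ aws_caller_info.account }}:trail/{{ resource_prefix }}*"
+]
+}
+}
+},
+{
+"Sid": "DescribeKey",
+"Effect": "Allow",
+"Principal": { "Service": "cloudtrail.amazonaws.com" },
+"Action": "kms:DescribeKey",
+"Resource": "*"
+},
+{
+"Sid": "AnsibleTestManage",
+"Effect": "Allow",
+"Principal": { "AWS": "{{ aws_caller_info.arn }}" },
+"Action": "*",
+"Resource": "*"
+}
+]
+}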
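--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,34 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "CloudTrailCheckAcl",
+"Effect": "Allow",
+"Principal": { "Service": "cloudtrail.amazonaws.com" },
+"Action": "s3:GetBucketAcl",
+"Resource": "arn:aws:s3:::{{ bucket_name }}",
+},
+{
+"Sid": "CloudTrailWriteLogs",
+"Effect": "Allow",
+"Principal": { "Service": "cloudtrail.amazonaws.com" },
+"Action": "s3:PutObject",
+"Resource": [
+"arn:aws:s3:::{{ bucket_name }}/AWSLogs/{{ aws_caller_info.account }}/*",
+"arn:aws:s3:::{{ bucket_name }}/{{ cloudtrail_prefix }}*/AWSLogs/{{ aws_caller_info.account }}/*"
+],
+"Condition": {
+"StringEquals": {
+"s3:x-amz-acl": "bucket-owner-full-control"
+}
+}
+},
+{
+"Sid": "AnsibleTestManage",
+"Effect": "Allow",
+"Principal": { "AWS": "{{ aws_caller_info.arn }}" },
+"Action": "*",
+"Resource": "arn:aws:s3:::{{ bucket_name }}"
+}
+]
+}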
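Review bot: The trailing comma after `"Resource": "arn:aws:s3:::{{ bucket_name }}",` in the `CloudTrailCheckAcl` statement leaves the rendered bucket policy invalid as strict JSON, since the next token is the closing `}` of the statement. Whether this surfaces depends on how the task that renders the template hands it to the module — a `json.loads` in argument handling would reject it, while a lenient path might not — and the tasks file is collapsed on this page, so I cannot confirm which applies. Drop the comma so the line reads `"Resource": "arn:aws:s3:::{{ bucket_name }}"`, matching the `DescribeKey` statement style in the KMS policy above.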
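--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,34 @@
+{
+"Version": "2008-10-17",
+"Id": "AnsibleSNSTesting",
+"Statement": [
+{
+"Sid": "CloudTrailSNSPolicy",
+"Effect": "Allow",
+"Principal": {
+"Service": "cloudtrail.amazonaws.com"
+},
+"Action": "sns:Publish",
+"Resource": "arn:aws:sns:{{ aws_region }}:{{ aws_caller_info.account }}:{{ sns_topic_name }}"
+},
+{
+"Sid": "AnsibleTestManage",
+"Effect": "Allow",
+"Principal": {
+"AWS": "{{ aws_caller_info.arn }}"
+},
+"Action": [
+"sns:Subscribe",
+"sns:ListSubscriptionsByTopic",
+"sns:DeleteTopic",
+"sns:GetTopicAttributes",
+"sns:Publish",
+"sns:RemovePermission",
+"sns:AddPermission",
+"sns:Receive",
+"sns:SetTopicAttributes"
+],
+"Resource": "arn:aws:sns:{{ aws_region }}:{{ aws_caller_info.account }}:{{ sns_topic_name }}"
+}
+]
+}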
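Review bot: This topic policy declares `"Version": "2008-10-17"` while every other policy document in the commit uses `"2012-10-17"`. The 2008 version is the legacy policy language SNS historically emitted by default and does not support IAM policy variables; because the statements here only contain Jinja-rendered literals, both versions presumably evaluate the same, but the inconsistency invites a later edit that adds a `${aws:...}` variable and silently fails to match. Prefer `"Version": "2012-10-17"` for consistency with the KMS, S3 and IAM documents in this change.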