@ -20,7 +20,7 @@ module: cloudtrail
short_description : manage CloudTrail creation and deletion
short_description : manage CloudTrail creation and deletion
description :
description :
- Creates or deletes CloudTrail configuration . Ensures logging is also enabled . This module has a dependency on python - boto > = 2.21 .
- Creates or deletes CloudTrail configuration . Ensures logging is also enabled . This module has a dependency on python - boto > = 2.21 .
version_added : " 1.7.3 "
version_added : " 2.0 "
author : Ted Timmons
author : Ted Timmons
requirements : [ " boto " ]
requirements : [ " boto " ]
options :
options :
@ -28,7 +28,7 @@ options:
description :
description :
- add or remove CloudTrail configuration .
- add or remove CloudTrail configuration .
required : true
required : true
choices : [ ' enabled ' , ' absent ' ]
choices : [ ' enabled ' , ' disabled ' ]
name :
name :
description :
description :
- name for given CloudTrail configuration .
- name for given CloudTrail configuration .
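Review bot: Replacing `absent` with `disabled` in `choices` drops a value that existing playbooks pass, so a task still using `state=absent` will be rejected at argument validation. The same rename is repeated in the `argument_spec` and in the `elif` branch of the `main()` hunks. The branch selected by the new value is commented as deleting the trail, so `disabled` reads as if logging were only paused, which is a misleading name for removing an audit-log resource. I would keep `absent` for removal, or accept both with `choices: ['enabled', 'absent', 'disabled']` and `elif module.params['state'] in ('absent', 'disabled'):`, and say in the option description that the trail is deleted.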
@ -76,12 +76,12 @@ extends_documentation_fragment: aws
EXAMPLES = """
EXAMPLES = """
- name : enable cloudtrail
- name : enable cloudtrail
local_action : cloudtrail >
local_action : cloudtrail
state = enabled name = main s3_bucket_name = ourbucket
state = enabled name = main s3_bucket_name = ourbucket
s3_key_prefix = cloudtrail region = us - east - 1
s3_key_prefix = cloudtrail region = us - east - 1
- name : enable cloudtrail with different configuration
- name : enable cloudtrail with different configuration
local_action : cloudtrail >
local_action : cloudtrail
state = enabled name = main s3_bucket_name = ourbucket2
state = enabled name = main s3_bucket_name = ourbucket2
s3_key_prefix = ' ' region = us - east - 1
s3_key_prefix = ' ' region = us - east - 1
@ -94,13 +94,13 @@ import sys
import os
import os
from collections import Counter
from collections import Counter
boto_import_failed = False
try :
try :
import boto
import boto
import boto . cloudtrail
import boto . cloudtrail
from boto . regioninfo import RegionInfo
from boto . regioninfo import RegionInfo
except ImportError :
except ImportError :
print " failed=True msg= ' boto required for this module ' "
boto_import_failed = True
sys . exit ( 1 )
class CloudTrailManager :
class CloudTrailManager :
""" Handles cloudtrail configuration """
""" Handles cloudtrail configuration """
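Review bot: The import guard now records the failure in `boto_import_failed`, but the check added at the top of `main()` (the hunk at -150) tests `has_libcloud`, a name none of the visible hunks define, and it calls `module.fail_json` before `module` is assigned. Unless `has_libcloud` is defined in a part of the file not shown here, `main()` would raise a NameError on every run instead of reporting a clean "boto is required" failure. The check should read the flag set in this hunk and sit below the `AnsibleModule(...)` call: `if boto_import_failed: module.fail_json(msg='boto is required.')`.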
@ -150,23 +150,25 @@ class CloudTrailManager:
def main ( ) :
def main ( ) :
if not has_libcloud :
module . fail_json ( msg = ' boto is required. ' )
argument_spec = ec2_argument_spec ( )
argument_spec = ec2_argument_spec ( )
argument_spec . update ( dict (
argument_spec . update ( dict (
state = { ' required ' : True , ' choices ' : [ ' enabled ' , ' absent ' ] } ,
state = { ' required ' : True , ' choices ' : [ ' enabled ' , ' disabled ' ] } ,
name = { ' required ' : True , ' type ' : ' str ' } ,
name = { ' required ' : True , ' type ' : ' str ' } ,
s3_bucket_name = { ' required ' : False , ' type ' : ' str ' } ,
s3_bucket_name = { ' required ' : False , ' type ' : ' str ' } ,
s3_key_prefix = { ' default ' : ' ' , ' required ' : False , ' type ' : ' str ' } ,
s3_key_prefix = { ' default ' : ' ' , ' required ' : False , ' type ' : ' str ' } ,
include_global_events = { ' default ' : True , ' required ' : False , ' type ' : ' bool ' } ,
include_global_events = { ' default ' : True , ' required ' : False , ' type ' : ' bool ' } ,
) )
) )
required_together = ( [ ' state ' , ' s3_bucket_name ' ] )
module = AnsibleModule ( argument_spec = argument_spec , supports_check_mode = True )
module = AnsibleModule ( argument_spec = argument_spec , supports_check_mode = True , required_together = required_together )
ec2_url , access_key , secret_key , region = get_ec2_creds ( module )
ec2_url , access_key , secret_key , region = get_ec2_creds ( module )
aws_connect_params = dict ( aws_access_key_id = access_key ,
aws_connect_params = dict ( aws_access_key_id = access_key ,
aws_secret_access_key = secret_key )
aws_secret_access_key = secret_key )
if module . params [ ' state ' ] == ' enabled ' and not module . params [ ' s3_bucket_name ' ] :
module . fail_json ( msg = " s3_bucket_name must be specified as a parameter when creating a cloudtrail " )
if not region :
if not region :
module . fail_json ( msg = " Region must be specified as a parameter, in EC2_REGION or AWS_REGION environment variables or in boto configuration file " )
module . fail_json ( msg = " Region must be specified as a parameter, in EC2_REGION or AWS_REGION environment variables or in boto configuration file " )
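Review bot: `required_together = (['state', 's3_bucket_name'])` is a single flat list, because parentheses without a trailing comma do not make a tuple. `required_together` takes a list of groups, so it would have to be `[['state', 's3_bucket_name']]` at the least. Even in that form it does not replace the explicit check that appears to be dropped further down this hunk: `state` is always required, so the group would demand `s3_bucket_name` for deletion too, while the flat form likely validates nothing and lets `state=enabled` through without a bucket. Keeping the guard `if module.params['state'] == 'enabled' and not module.params['s3_bucket_name']:` expresses the conditional requirement directly. `main()` continues outside this hunk.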
@ -209,7 +211,7 @@ def main():
results [ ' changed ' ] = True
results [ ' changed ' ] = True
# delete the cloudtrai
# delete the cloudtrai
elif module . params [ ' state ' ] == ' absent ' :
elif module . params [ ' state ' ] == ' disabled ' :
# check to see if it exists before deleting.
# check to see if it exists before deleting.
results [ ' exists ' ] = cf_man . exists ( name = ct_name )
results [ ' exists ' ] = cf_man . exists ( name = ct_name )
if results [ ' exists ' ] :
if results [ ' exists ' ] :