salt.modules.boto_cloudtrail

Connection module for Amazon CloudTrail

New in version 2016.3.0.

depends:
  • boto

  • boto3

The dependencies listed above can be installed via package or pip.

configuration:

This module accepts explicit CloudTrail credentials but can also use IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then obtained automatically from the AWS API and no further configuration is necessary. More information is available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used, you need to specify the credentials either in a pillar or in the minion's config file:

cloudtrail.keyid: GKTADJGHEIQSXMKKRBJ08H
cloudtrail.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

cloudtrail.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed-in dict or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

salt.modules.boto_cloudtrail.add_tags(Name, region=None, key=None, keyid=None, profile=None, **kwargs)

Add tags to a trail

Returns {tagged: true} if the trail was tagged and returns {tagged: False} if the trail was not tagged.

CLI Example:

salt myminion boto_cloudtrail.add_tags my_trail tag_a=tag_value tag_b=tag_value

salt.modules.boto_cloudtrail.create(Name, S3BucketName, S3KeyPrefix=None, SnsTopicName=None, IncludeGlobalServiceEvents=None, IsMultiRegionTrail=None, EnableLogFileValidation=None, CloudWatchLogsLogGroupArn=None, CloudWatchLogsRoleArn=None, KmsKeyId=None, region=None, key=None, keyid=None, profile=None)

Given a valid config, create a trail.

Returns {created: true} if the trail was created and returns {created: False} if the trail was not created.

CLI Example:

salt myminion boto_cloudtrail.create my_trail my_bucket

salt.modules.boto_cloudtrail.delete(Name, region=None, key=None, keyid=None, profile=None)

Given a trail name, delete it.

Returns {deleted: true} if the trail was deleted and returns {deleted: false} if the trail was not deleted.

CLI Example:

salt myminion boto_cloudtrail.delete mytrail

salt.modules.boto_cloudtrail.describe(Name, region=None, key=None, keyid=None, profile=None)

Given a trail name, describe its properties.

Returns a dictionary of interesting properties.

CLI Example:

salt myminion boto_cloudtrail.describe mytrail

salt.modules.boto_cloudtrail.exists(Name, region=None, key=None, keyid=None, profile=None)

Given a trail name, check to see if the given trail exists.

Returns True if the given trail exists and returns False if the given trail does not exist.

CLI Example:

salt myminion boto_cloudtrail.exists mytrail

salt.modules.boto_cloudtrail.list(region=None, key=None, keyid=None, profile=None)

List all trails

Returns list of trails

CLI Example:

policies:
  - {...}
  - {...}

salt.modules.boto_cloudtrail.list_tags(Name, region=None, key=None, keyid=None, profile=None)

List tags of a trail

Returns:

  • {...}

  • {...}

Return type:

tags

CLI Example:

salt myminion boto_cloudtrail.list_tags my_trail

salt.modules.boto_cloudtrail.remove_tags(Name, region=None, key=None, keyid=None, profile=None, **kwargs)

Remove tags from a trail

Returns {tagged: true} if the trail was tagged and returns {tagged: False} if the trail was not tagged.

CLI Example:

salt myminion boto_cloudtrail.remove_tags my_trail tag_a=tag_value tag_b=tag_value

salt.modules.boto_cloudtrail.start_logging(Name, region=None, key=None, keyid=None, profile=None)

Start logging for a trail

Returns {started: true} if the trail was started and returns {started: False} if the trail was not started.

CLI Example:

salt myminion boto_cloudtrail.start_logging my_trail

salt.modules.boto_cloudtrail.status(Name, region=None, key=None, keyid=None, profile=None)

Given a trail name, describe its properties.

Returns a dictionary of interesting properties.

CLI Example:

salt myminion boto_cloudtrail.status mytrail

salt.modules.boto_cloudtrail.stop_logging(Name, region=None, key=None, keyid=None, profile=None)

Stop logging for a trail

Returns {stopped: true} if the trail was stopped and returns {stopped: False} if the trail was not stopped.

CLI Example:

salt myminion boto_cloudtrail.stop_logging my_trail

salt.modules.boto_cloudtrail.update(Name, S3BucketName, S3KeyPrefix=None, SnsTopicName=None, IncludeGlobalServiceEvents=None, IsMultiRegionTrail=None, EnableLogFileValidation=None, CloudWatchLogsLogGroupArn=None, CloudWatchLogsRoleArn=None, KmsKeyId=None, region=None, key=None, keyid=None, profile=None)

Given a valid config, update a trail.

Returns {created: true} if the trail was created and returns {created: False} if the trail was not created.

CLI Example:

salt myminion boto_cloudtrail.update my_trail my_bucket
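
The create and update parameters above (EnableLogFileValidation, IsMultiRegionTrail, IncludeGlobalServiceEvents, KmsKeyId, CloudWatchLogsLogGroupArn) and the stop_logging function determine how tamper-resistant a trail is. The following added example, which is not part of the Salt project, audits the results of describe and status for weak settings. The return shapes and field names are assumptions taken from the CloudTrail DescribeTrails and GetTrailStatus responses, and the sample data is constructed.

```python
# Added example, not Salt project code. Assumed input shapes: describe() and
# status() each return {'trail': {...}} (or {'trail': None} when absent), with
# field names as in the CloudTrail DescribeTrails / GetTrailStatus responses.

# (property, finding reported when the property is missing or falsy)
CHECKS = [
    ("LogFileValidationEnabled", "log file validation is disabled"),
    ("IsMultiRegionTrail", "trail records a single region only"),
    ("IncludeGlobalServiceEvents", "global service events are not recorded"),
    ("KmsKeyId", "log files are not encrypted with a KMS key"),
    ("CloudWatchLogsLogGroupArn", "no CloudWatch Logs delivery configured"),
]


def _unwrap(result):
    """Accept {'trail': {...}} or a bare properties dict; else return {}."""
    if not isinstance(result, dict) or "error" in result:
        return {}
    inner = result.get("trail", result)
    return inner if isinstance(inner, dict) else {}


def audit_trail(describe_result, status_result):
    """Return a list of findings; an empty list means every check passed."""
    trail = _unwrap(describe_result)
    if not trail:
        return ["trail not found or describe failed"]
    findings = []
    if not _unwrap(status_result).get("IsLogging"):
        findings.append("logging is stopped")
    findings += [msg for prop, msg in CHECKS if not trail.get(prop)]
    return findings


# Constructed sample results (account ID and ARNs are placeholders).
HARDENED = {"trail": {
    "Name": "my_trail", "S3BucketName": "my_bucket",
    "LogFileValidationEnabled": True, "IsMultiRegionTrail": True,
    "IncludeGlobalServiceEvents": True,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
    "CloudWatchLogsLogGroupArn":
        "arn:aws:logs:us-east-1:111122223333:log-group:trail:*",
}}
WEAK = {"trail": {"Name": "my_trail", "S3BucketName": "my_bucket",
                  "IncludeGlobalServiceEvents": True}}

if __name__ == "__main__":
    print(audit_trail(HARDENED, {"trail": {"IsLogging": True}}))
    print(audit_trail(WEAK, {"trail": {"IsLogging": False}}))
```

Inside a custom Salt module, the two arguments would come from `__salt__['boto_cloudtrail.describe']` and `__salt__['boto_cloudtrail.status']` called with the trail name.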