-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate_trail.rb
79 lines (69 loc) · 2.36 KB
/
create_trail.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# frozen_string_literal: true
# Demonstrates how to create an AWS CloudTrail trail
# snippet-start:[cloudtrail.Ruby.createTrail]
require "aws-sdk-cloudtrail" # v2: require 'aws-sdk'
require "aws-sdk-s3"
require "aws-sdk-sts"
def create_trail_example(s3_client, sts_client, cloudtrail_client, trail_name, bucket_name)
resp = sts_client.get_caller_identity({})
account_id = resp.account
# Attach policy to an Amazon Simple Storage Service (S3) bucket.
s3_client.create_bucket(bucket: bucket_name)
begin
policy = {
"Version" => "2012-10-17",
"Statement" => [
{
"Sid" => "AWSCloudTrailAclCheck20150319",
"Effect" => "Allow",
"Principal" => {
"Service" => "cloudtrail.amazonaws.com"
},
"Action" => "s3:GetBucketAcl",
"Resource" => "arn:aws:s3:::#{bucket_name}"
},
{
"Sid" => "AWSCloudTrailWrite20150319",
"Effect" => "Allow",
"Principal" => {
"Service" => "cloudtrail.amazonaws.com"
},
"Action" => "s3:PutObject",
"Resource" => "arn:aws:s3:::#{bucket_name}/AWSLogs/#{account_id}/*",
"Condition" => {
"StringEquals" => {
"s3:x-amz-acl" => "bucket-owner-full-control"
}
}
}
]
}.to_json
s3_client.put_bucket_policy(
bucket: bucket_name,
policy: policy
)
puts "Successfully added policy to bucket #{bucket_name}"
end
begin
cloudtrail_client.create_trail({
name: trail_name, # required
s3_bucket_name: bucket_name # required
})
puts "Successfully created trail: #{trail_name}."
rescue StandardError => e
puts "Got error trying to create trail #{trail_name}:\n #{e}"
puts e
exit 1
end
# snippet-end:[cloudtrail.Ruby.createTrail]
end
if __FILE__ == $0
@s3_client = Aws::S3::Client.new
@sts_client = Aws::STS::Client.new
@cloudtrail_client = Aws::CloudTrail::Client.new
trail_name = "example-code-trail-#{rand(10**4)}"
bucket_name = "example-code-bucket-#{rand(10**4)}"
create_trail_example(@s3_client, @sts_client, @cloudtrail_client, trail_name, bucket_name)
end