I would like to import an S3 bucket from a different AWS account. Currently, I've configured all of our AWS accounts with infrastructure that adheres to the CIS Foundations Benchmark. One of the resources
```hcl
resource "aws_cloudtrail" "nfcisbenchmark" {
  count          = var.environment == "billing" ? 1 : 0
  name           = var.name
  s3_bucket_name = "nf-cisbenchmark-nf-logging-cloudtrail"
  enable_logging = true

  # 3.2 Ensure CloudTrail log file validation is enabled (Automated)
  enable_log_file_validation = true

  # 3.1 Ensure CloudTrail is enabled in all regions (Automated)
  is_multi_region_trail = true

  # CIS Benchmark 3.1 Ensure CloudTrail is enabled in all regions
  # ensuring that a multi-region trail exists will ensure that Global Service Logging
  # is enabled for a trail by default to capture recording of events generated on AWS
  # global services
  include_global_service_events = true
  is_organization_trail         = var.environment == "billing"

  # 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Automated)
  kms_key_id = aws_kms_key.nfcisbenchmark.arn

  depends_on = [aws_s3_bucket.nfcisbenchmark_cloudtrail]

  cloud_watch_logs_role_arn  = aws_iam_role.cloudwatch.arn
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.nfcisbenchmark.arn}:*"

  event_selector {
    # 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket (Automated)
    read_write_type           = "All"
    include_management_events = true
  }

  // Tags
  tags = {
    Name             = "${var.name}-cloudtrail"
    cost_environment = local.cost_environment
    cost_category    = "SEC"
    cost_team_owner  = "MOPRAV"
  }
}
```
references an aws_s3_bucket resource from a different AWS account. Ideally, I'd like to import this resource so that it can be used like so:
```hcl
resource "aws_cloudtrail" "nfcisbenchmark" {
  count          = var.environment == "billing" ? 1 : 0
  name           = var.name
  s3_bucket_name = "nf-cisbenchmark-nf-logging-cloudtrail"
  enable_logging = true

  # 3.2 Ensure CloudTrail log file validation is enabled (Automated)
  enable_log_file_validation = true

  # 3.1 Ensure CloudTrail is enabled in all regions (Automated)
  is_multi_region_trail = true

  # CIS Benchmark 3.1 Ensure CloudTrail is enabled in all regions
  # ensuring that a multi-region trail exists will ensure that Global Service Logging
  # is enabled for a trail by default to capture recording of events generated on AWS
  # global services
  include_global_service_events = true
  is_organization_trail         = var.environment == "billing"

  # 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Automated)
  kms_key_id = aws_kms_key.nfcisbenchmark.arn

  depends_on = [data.aws_s3_bucket.nfcisbenchmark_cloudtrail]

  cloud_watch_logs_role_arn  = aws_iam_role.cloudwatch.arn
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.nfcisbenchmark.arn}:*"

  event_selector {
    # 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket (Automated)
    read_write_type           = "All"
    include_management_events = true
  }

  // Tags
  tags = {
    Name             = "${var.name}-cloudtrail"
    cost_environment = local.cost_environment
    cost_category    = "SEC"
    cost_team_owner  = "MOPRAV"
  }
}
```
The specific line is `data.aws_s3_bucket.nfcisbenchmark_cloudtrail`. Any help with this would be greatly appreciated.
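As an added example (not part of the original post and not code from the poster's repository), the following shows one way to reference a bucket that lives in another account without importing it as a managed resource: an aliased AWS provider assumes a read-only role in the account that owns the bucket, a `data "aws_s3_bucket"` block looks the bucket up through that provider, and the trail consumes the data source's `id`. The role ARN, the account IDs and the region are placeholders; the bucket name is the one from the post. The bucket policy at the end is what CloudTrail needs in order to write to a bucket it does not own; it is managed through the same aliased provider and is shown here so the whole cross-account path is visible.

```hcl
# Added example, not the poster's code. Assumes the logging account exposes a
# role that the trail-owning account may assume (placeholder ARN below).

# Default provider: the account that owns the CloudTrail trail.
provider "aws" {
  region = "us-east-1" # placeholder region
}

# Aliased provider: assumes a role in the account that owns the bucket.
provider "aws" {
  alias  = "logging"
  region = "us-east-1" # placeholder region

  assume_role {
    # Placeholder: replace with the cross-account role in the logging account.
    role_arn = "arn:aws:iam::111111111111:role/terraform-logging-bucket"
  }
}

# Account ID of the trail owner, used below to scope the bucket policy.
data "aws_caller_identity" "trail_account" {}

# Read-only lookup of the foreign bucket. Nothing is imported into this
# workspace's state as a managed resource, so `terraform destroy` here can
# never delete the bucket; the data source only has to be readable.
data "aws_s3_bucket" "nfcisbenchmark_cloudtrail" {
  provider = aws.logging
  bucket   = "nf-cisbenchmark-nf-logging-cloudtrail"
}

# Least-privilege policy letting the CloudTrail service (not the other
# account's IAM users) write log objects into the bucket.
data "aws_iam_policy_document" "cloudtrail_bucket" {
  statement {
    sid       = "AWSCloudTrailAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [data.aws_s3_bucket.nfcisbenchmark_cloudtrail.arn]

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }

  statement {
    sid     = "AWSCloudTrailWrite"
    actions = ["s3:PutObject"]
    # For an organization trail, add a second prefix for the organization ID
    # (AWSLogs/<org-id>/*) alongside the account prefix below.
    resources = [
      "${data.aws_s3_bucket.nfcisbenchmark_cloudtrail.arn}/AWSLogs/${data.aws_caller_identity.trail_account.account_id}/*",
    ]

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }

    # Objects must be owned by the bucket owner, otherwise the logging account
    # cannot read what CloudTrail wrote.
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "cloudtrail_bucket" {
  provider = aws.logging
  bucket   = data.aws_s3_bucket.nfcisbenchmark_cloudtrail.id
  policy   = data.aws_iam_policy_document.cloudtrail_bucket.json
}

# Trail in the default (trail-owning) account. Only the attributes relevant to
# the cross-account bucket are shown; the remaining CIS settings from the post
# stay as they are.
resource "aws_cloudtrail" "nfcisbenchmark" {
  count          = var.environment == "billing" ? 1 : 0
  name           = var.name
  s3_bucket_name = data.aws_s3_bucket.nfcisbenchmark_cloudtrail.id
  enable_logging = true

  # The policy must exist before CloudTrail validates the bucket on create.
  depends_on = [aws_s3_bucket_policy.cloudtrail_bucket]
}
```

`terraform import` binds an existing object to a managed resource block, and the provider that block uses must be able to call the owning account's API; a data source through an aliased provider avoids taking ownership of the bucket in this workspace's state, which keeps the logging bucket safe from an accidental destroy or configuration drift in the billing account. If the bucket's own account is managed by a separate Terraform workspace, the `aws_s3_bucket_policy` block belongs there instead, and only the `data "aws_s3_bucket"` lookup (or simply the bucket name string) is needed here.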