terraform-yacloud-modules/terraform-yandex-clickops-notifier

Yandex Cloud ClickOps Notifier Terraform module

Terraform module which creates Yandex Cloud ClickOps Notifier resources. The ClickOps notifier is built on a Yandex Cloud Function that monitors audit logs for manual actions (ClickOps) in your Yandex Cloud environment. When such actions are detected, the function sends notifications to Slack or Telegram to ensure compliance and visibility.

Examples

Examples codified under the examples directory are intended to give users references for how to use the module(s), as well as for testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| archive | >= 2.0 |
| yandex | >= 0.72.0 |

Providers

| Name | Version |
|------|---------|
| archive | >= 2.0 |
| yandex | >= 0.72.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| audit_trails | git::https://github.com/terraform-yacloud-modules/terraform-yandex-audit-trails.git | v2.0.0 |
| audit_trails_logging_group | git::https://github.com/terraform-yacloud-modules/terraform-yandex-logging-group.git | v1.0.0 |
| function | git::https://github.com/terraform-yacloud-modules/terraform-yandex-function.git | rc/1.1.0 |
| function_logging_group | git::https://github.com/terraform-yacloud-modules/terraform-yandex-logging-group.git | v1.0.0 |
| iam_account | git::https://github.com/terraform-yacloud-modules/terraform-yandex-iam.git//modules/iam-account | v1.0.0 |
| kms_key | git::https://github.com/terraform-yacloud-modules/terraform-yandex-kms.git | v1.0.0 |
| lockbox | git::https://github.com/terraform-yacloud-modules/terraform-yandex-lockbox.git | rc/1.14.0 |

Resources

| Name | Type |
|------|------|
| yandex_function_trigger.audit_trigger | resource |
| archive_file.clickopsnotifier_zip | data source |
| yandex_client_config.client | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| audit_trail_data_events_filter | Structure describing filtering process for the service-specific data events | list(object({ service : string, resource_id : optional(string), resource_type : string, included_events : optional(list(string)), excluded_events : optional(list(string)) })) | listed below the table | no |
| audit_trail_management_events_filters | Structure describing filtering process for management events | list(object({ resource_id : optional(string), resource_type : string })) | listed below the table | no |
| blank_name | Blank name which will be used for all resources | string | "clickops" | no |
| excluded_event_sources | List of event sources that won't raise notifications. Format: a comma-separated string. | string | null | no |
| excluded_event_types | List of event types that won't raise notifications. Format: a comma-separated string. | string | null | no |
| excluded_subject_names | List of subject names that won't raise notifications. Format: a comma-separated string. | string | null | no |
| excluded_subject_types | List of subject types that won't raise notifications. Format: a comma-separated string. | string | null | no |
| folder_id | Folder ID | string | null | no |
| function_log_level | The default logging level for clickopsnotifier function | string | "INFO" | no |
| function_trigger_batch_cutoff | Batch Duration in seconds for Yandex Cloud Functions Trigger | number | 10 | no |
| function_trigger_batch_size | Batch Size for Yandex Cloud Functions Trigger | number | 10 | no |
| labels | A set of labels | map(string) | {} | no |
| slack_cc | List of Slack usernames to be added as CC to the notification message. Provide this as a comma-separated string of Slack username IDs (e.g., <@U0422RZRC77>, <@U042211RC00>). | string | "-" | no |
| slack_webhook_url | List of subject names that won't raise notifications. Format: a comma-separated string. | string | "-" | no |
| telegram_cc | List of Telegram usernames to be added as CC to the notification message. Provide this as a comma-separated string of Telegram usernames (e.g., user1, user2). | string | "-" | no |
| telegram_chat_ids | List of Telegram chat IDs that will be used for notifications. Ensure the provided telegram_token has access to the specified chat IDs. | string | "-" | no |
| telegram_token | List of subject names that won't raise notifications. Format: a comma-separated string. | string | "-" | no |

Default for audit_trail_data_events_filter:

    [
      { "resource_type": "resource-manager.folder", "service": "apploadbalancer" },
      { "resource_type": "resource-manager.folder", "service": "mdb.mysql" },
      { "resource_type": "resource-manager.folder", "service": "compute" },
      { "resource_type": "resource-manager.folder", "service": "mdb.mongodb" },
      { "resource_type": "resource-manager.folder", "service": "lockbox" },
      { "resource_type": "resource-manager.folder", "service": "kms" },
      { "resource_type": "resource-manager.folder", "service": "iam" },
      { "resource_type": "resource-manager.folder", "service": "dns" },
      { "resource_type": "resource-manager.folder", "service": "smartwebsecurity" },
      { "resource_type": "resource-manager.folder", "service": "mdb.postgresql" },
      { "resource_type": "resource-manager.folder", "service": "websql" },
      { "resource_type": "resource-manager.folder", "service": "storage" }
    ]

Default for audit_trail_management_events_filters:

    [
      { "resource_type": "resource-manager.folder" }
    ]
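
One way to call the module with the inputs documented above, shown as an added example that is not taken from the repository or its examples directory. The source URL is assumed from the repository name and follows the pattern of the entries in the Modules table, the ref is a placeholder because the page lists no release tag, the folder ID, label and excluded subject name are constructed, and a configured yandex provider is assumed.

```hcl
# Added example, not from the module repository. Values marked "constructed" are illustrative.

variable "slack_webhook_url" {
  description = "Slack webhook URL; supply via TF_VAR_slack_webhook_url, not a committed .tfvars file"
  type        = string
  sensitive   = true # redacts the URL in plan/apply output
}

module "clickops_notifier" {
  # Assumed source, derived from the repository name. Replace the placeholder ref
  # with a tag or commit you have reviewed so the deployed function code cannot change silently.
  source = "git::https://github.com/terraform-yacloud-modules/terraform-yandex-clickops-notifier.git?ref=REPLACE_WITH_PINNED_REF"

  folder_id  = "b1gexamplefolderid00" # constructed folder ID
  blank_name = "clickops"

  # Notification channel: Slack only; the telegram_* inputs stay at their defaults.
  slack_webhook_url = var.slack_webhook_url
  slack_cc          = "<@U0422RZRC77>" # ID format taken from the Inputs table

  # Narrow data events to a few security-relevant services instead of the 12-service default.
  audit_trail_data_events_filter = [
    { service = "iam", resource_type = "resource-manager.folder" },
    { service = "kms", resource_type = "resource-manager.folder" },
    { service = "lockbox", resource_type = "resource-manager.folder" },
    { service = "storage", resource_type = "resource-manager.folder" },
  ]

  # Management events for the whole folder (same as the module default).
  audit_trail_management_events_filters = [
    { resource_type = "resource-manager.folder" },
  ]

  # Suppress notifications for the automation identity that applies Terraform
  # (constructed service account name). Keep this list short: every entry is a
  # subject whose actions will never raise a notification.
  excluded_subject_names = "terraform-ci-sa"

  function_log_level            = "INFO"
  function_trigger_batch_size   = 10
  function_trigger_batch_cutoff = 10

  labels = {
    purpose = "clickops-notifier"
  }
}
```

Marking the variable as sensitive only redacts it in CLI output; the webhook URL is still written to Terraform state, so the state backend needs access control and encryption.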

Outputs

No outputs.

License

Apache-2.0 Licensed. See LICENSE.