Add docs for activity_dashboard and root_user_activity_report dashboards (#9)

misraved · web-flow · commit 8b63e5fed125 · 2025-02-06T18:26:02.000+05:30
diff --git a/dashboards/activity_dashboard.pp b/dashboards/activity_dashboard.pp
@@ -1,9 +1,10 @@
 dashboard "activity_dashboard" {
 
-  title = "CloudTrail Log Activity Dashboard"
+  title         = "CloudTrail Log Activity Dashboard"
+  documentation = file("./dashboards/docs/activity_dashboard.md")
 
   tags = {
-    type = "Dashboard"
+    type    = "Dashboard"
     service = "AWS/CloudTrail"
   }
 
diff --git a/dashboards/docs/activity_dashboard.md b/dashboards/docs/activity_dashboard.md
@@ -0,0 +1,10 @@
+This dashboard answers the following questions:
+
+- How many CloudTrail logs are recorded?
+- How many logs are generated per AWS account?
+- How many logs are generated per region?
+- Who are the top actors (excluding AWS services)?
+- What are the top source IPs (excluding AWS services and internal sources)?
+- What are the top AWS services generating logs (excluding read-only events)?
+- What are the top AWS events recorded (excluding read-only events)?
+
diff --git a/dashboards/docs/root_user_activity_report.md b/dashboards/docs/root_user_activity_report.md
@@ -0,0 +1,9 @@
+This dashboard answers the following questions:
+
+- How many root user actions have been recorded?
+- What specific operations have been performed by the root user?
+- Which AWS accounts have root user activity?
+- What are the source IPs of root user actions?
+- In which AWS regions has root user activity occurred?
+- Should read-only events be included in the analysis?
+- How many total logs exist for root user activity?
diff --git a/dashboards/root_user_activity_report.pp b/dashboards/root_user_activity_report.pp
@@ -1,9 +1,10 @@
 dashboard "root_user_activity_report" {
 
-  title = "CloudTrail Log Root User Activity Report"
+  title         = "CloudTrail Log Root User Activity Report"
+  documentation = file("./dashboards/docs/root_user_activity_report.md")
 
   tags = {
-    type = "Report"
+    type    = "Report"
     service = "AWS/CloudTrail"
   }
 
@@ -33,7 +34,7 @@
     card {
       query = query.root_user_activity_report_total_logs
       width = 2
-      args  = [
+      args = [
         self.input.read_only.value,
         self.input.aws_accounts.value
       ]
@@ -44,7 +45,7 @@
     table {
       title = "Note: This table shows a maximum of 10,000 rows"
       query = query.root_user_activity_report_table
-      args  = [
+      args = [
         self.input.read_only.value,
         self.input.aws_accounts.value
       ]
