Merge pull request #10 from turbot/release/v0.1.1

misraved · web-flow · commit ab22f234d624 · 2025-02-06T18:29:28.000+05:30
Release/v0.2.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## v0.2.0 [2025-02-06]
+
+_Enhancements_
+
+- Add documentation for `activity_dashboard` and `root_user_activity_report` dashboards. ([#9](https://github.com/turbot/tailpipe-mod-aws-cloudtrail-log-detections/pull/9))
+
 ## v0.1.0 [2025-01-30]
 
 _What's new?_
diff --git a/dashboards/activity_dashboard.pp b/dashboards/activity_dashboard.pp
@@ -1,9 +1,10 @@
 dashboard "activity_dashboard" {
 
-  title = "CloudTrail Log Activity Dashboard"
+  title         = "CloudTrail Log Activity Dashboard"
+  documentation = file("./dashboards/docs/activity_dashboard.md")
 
   tags = {
-    type = "Dashboard"
+    type    = "Dashboard"
     service = "AWS/CloudTrail"
   }
 
diff --git a/dashboards/docs/activity_dashboard.md b/dashboards/docs/activity_dashboard.md
@@ -0,0 +1,10 @@
+This dashboard answers the following questions:
+
+- How many CloudTrail logs are recorded?
+- How many logs are generated per AWS account?
+- How many logs are generated per region?
+- Who are the top actors (excluding AWS services)?
+- What are the top source IPs (excluding AWS services and internal sources)?
+- What are the top AWS services generating logs (excluding read-only events)?
+- What are the top AWS events recorded (excluding read-only events)?
+
diff --git a/dashboards/docs/root_user_activity_report.md b/dashboards/docs/root_user_activity_report.md
@@ -0,0 +1,9 @@
+This dashboard answers the following questions:
+
+- How many root user actions have been recorded?
+- What specific operations have been performed by the root user?
+- Which AWS accounts have root user activity?
+- What are the source IPs of root user actions?
+- In which AWS regions has root user activity occurred?
+- Should read-only events be included in the analysis?
+- How many total logs exist for root user activity?
diff --git a/dashboards/root_user_activity_report.pp b/dashboards/root_user_activity_report.pp
@@ -1,9 +1,10 @@
 dashboard "root_user_activity_report" {
 
-  title = "CloudTrail Log Root User Activity Report"
+  title         = "CloudTrail Log Root User Activity Report"
+  documentation = file("./dashboards/docs/root_user_activity_report.md")
 
   tags = {
-    type = "Report"
+    type    = "Report"
     service = "AWS/CloudTrail"
   }
 
@@ -33,7 +34,7 @@
     card {
       query = query.root_user_activity_report_total_logs
       width = 2
-      args  = [
+      args = [
         self.input.read_only.value,
         self.input.aws_accounts.value
       ]
@@ -44,7 +45,7 @@
     table {
       title = "Note: This table shows a maximum of 10,000 rows"
       query = query.root_user_activity_report_table
-      args  = [
+      args = [
         self.input.read_only.value,
         self.input.aws_accounts.value
       ]
