Terraform AWS CloudWatch Log groups, metric alarms, dashboards, retention settings, subscription filters, and event rules used for monitoring, alerting, forensic visibility, and audit support.
Controls enforced These compliance controls are checked at terraform plan time.
Quick start NIST Cybersecurity Framework v2.0 SOC 2 ACSC Essential Eight AWS Well-Architected Framework v10 CCCS Medium Cloud Control Profile EU GMP Annex 11 FedRAMP Low Baseline Rev 4 FedRAMP Moderate Baseline Rev 4
module "cloudwatch" { source = "nistcsf.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "soc2.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "acscessentialeight.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "awswellarchitected.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "cccsmedium.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "eugmpannex11.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "fedramplow.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } module "cloudwatch" { source = "fedrampmoderate.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" # ... your arguments here } See the Get Started guide and Registry Endpoints for details on how to customize the module for your requirements.
Migration from upstream Already using terraform-aws-modules? Change only the source URL:
Before After
module "cloudwatch" { source = "terraform-aws-modules/cloudwatch/aws" version = "1.0" } module "cloudwatch" { source = "soc2.compliance.tf/terraform-aws-modules/cloudwatch/aws" version = "1.0" } Same arguments. Same outputs. Controls are checked at terraform plan. See the Migration Guide for step-by-step instructions.
Reversibility No lock-in. Switch back by reverting the source URL:
module "cloudwatch" { source = "terraform-aws-modules/cloudwatch/aws" } Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks NIST Cybersecurity Framework v2.0 SOC 2 ACSC Essential Eight AWS Well-Architected Framework v10 CCCS Medium Cloud Control Profile EU GMP Annex 11 FedRAMP Low Baseline Rev 4 FedRAMP Moderate Baseline Rev 4
CC4.2 COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate
CC7.4 The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate
ACSC-EE-ML3-7.10: Multi-factor authentication ML3
REL11-BP06: Send notifications when events impact availability
AC-2(4): Automated Audit Actions
AU-7 (1): Automatic Processing
Framework coverage Which controls from this module are active under each framework endpoint.
● enforced by default · ○ not activated by this endpoint
