Merge pull request #191 from tablexi/fix_cloudtrail_logging_bucket

Create unique logging bucket for Cloudtrail module

aws/cloudtrail/main.tf

@@ -5,21 +5,28 @@ resource "aws_cloudtrail" "mod" {
   enable_logging                = true
   enable_log_file_validation    = true
 
-  cloud_watch_logs_group_arn    = var.cloud_watch_logs_group_arn
-  cloud_watch_logs_role_arn     = var.cloud_watch_logs_role_arn
+  cloud_watch_logs_group_arn = var.cloud_watch_logs_group_arn
+  cloud_watch_logs_role_arn  = var.cloud_watch_logs_role_arn
 
-  tags                          = var.tags
+  tags = var.tags
+}
+
+resource "aws_s3_bucket" "logs" {
+  bucket_prefix = "${var.name}-cloudtrail-logs"
+  acl           = "log-delivery-write"
+
+  tags = var.tags
 }
 
 resource "aws_s3_bucket" "mod" {
   bucket = "${var.name}-cloudtrail"
   acl    = "private"
   policy = data.aws_iam_policy_document.s3.json
 
-  tags   = var.tags
+  tags = var.tags
 
   logging {
-    target_bucket = "cloudtrail-logs"
+    target_bucket = aws_s3_bucket.logs.id
     target_prefix = var.name
   }
 }