mongodbatlas-cloudformation-resources/examples/auditing/auditing.json at master · mongodb/mongodbatlas-cloudformation-resources · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "This templates enables the Auditing property on an atlas project",
  "Parameters": {
    "ProjectId": {
      "Type": "String",
      "Description": "MongoDB Atlas Project ID"
    },
    "Profile": {
      "Type": "String",
      "Description": "Your MongoDB Atlas Profile Name created in secret manager",
      "Default": "default"
    }
  },
  "Mappings": {},
  "Resources": {
    "Auditing": {
      "Type": "MongoDB::Atlas::Auditing",
      "Properties": {
        "ProjectId": {
          "Ref": "ProjectId"
        },
        "AuditFilter": "{\n  \"$or\": [\n    {\n      \"users\": []\n    },\n    {\n      \"$and\": [\n        {\n          \"$or\": [\n            {\n              \"users\": {\n                \"$elemMatch\": {\n                  \"$or\": [\n                    {\n                      \"db\": \"admin\"\n                    },\n                    {\n                      \"db\": \"$external\"\n                    }\n                  ]\n                }\n              }\n            },\n            {\n              \"roles\": {\n                \"$elemMatch\": {\n                  \"$or\": [\n                    {\n                      \"db\": \"admin\"\n                    }\n                  ]\n                }\n              }\n            }\n          ]\n        },\n        {\n          \"$or\": [\n            {\n              \"atype\": \"authCheck\",\n              \"param.command\": {\n                \"$in\": [\n                  \"aggregate\",\n                  \"count\",\n                  \"distinct\",\n                  \"group\",\n                  \"mapReduce\",\n                  \"geoNear\",\n                  \"geoSearch\",\n                  \"eval\",\n                  \"find\",\n                  \"getLastError\",\n                  \"getMore\",\n                  \"getPrevError\",\n                  \"parallelCollectionScan\",\n                  \"delete\",\n                  \"findAndModify\",\n                  \"insert\",\n                  \"update\",\n                  \"resetError\"\n                ]\n              }\n            },\n            {\n              \"atype\": {\n                \"$in\": [\n                  \"authenticate\",\n                  \"createCollection\",\n                  \"createDatabase\",\n                  \"createIndex\",\n                  \"renameCollection\",\n                  \"dropCollection\",\n                  \"dropDatabase\",\n                  \"dropIndex\",\n                  \"createUser\",\n                  \"dropUser\",\n                  \"dropAllUsersFromDatabase\",\n                  \"updateUser\",\n                  \"grantRolesToUser\",\n                  \"revokeRolesFromUser\",\n                  \"createRole\",\n                  \"updateRole\",\n                  \"dropRole\",\n                  \"dropAllRolesFromDatabase\",\n                  \"grantRolesToRole\",\n                  \"revokeRolesFromRole\",\n                  \"grantPrivilegesToRole\",\n                  \"revokePrivilegesFromRole\",\n                  \"enableSharding\",\n                  \"shardCollection\",\n                  \"addShard\",\n                  \"removeShard\",\n                  \"shutdown\",\n                  \"applicationMessage\"\n                ]\n              }\n            }\n          ]\n        }\n      ]\n    }\n  ]\n}",
        "Profile": {
          "Ref": "Profile"
        }
      }
    }
  },
  "Outputs": {
    "Auditing": {
      "Value": {
        "Fn::GetAtt": [
          "Auditing",
          "AuditFilter"
        ]
      }
    }
  }
}