Use cwl policy

hashicorp · Dec 7, 2017 · cef7cec · cef7cec
1 parent cbc79a6
commit cef7cec
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 6 deletions.
diff --git a/aws/resource_aws_elasticsearch_domain.go b/aws/resource_aws_elasticsearch_domain.go
@@ -498,6 +498,7 @@ func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}
 			mm := map[string]interface{}{}
 			mm["log_type"] = k
 			mm["cloud_watch_logs_log_group_arn"] = *val.CloudWatchLogsLogGroupArn
+			mm["enabled"] = *val.Enabled
 			m = append(m, mm)
 		}
 		d.Set("log_publishing_options", m)

diff --git a/aws/resource_aws_elasticsearch_domain_test.go b/aws/resource_aws_elasticsearch_domain_test.go
@@ -728,17 +728,39 @@ resource "aws_cloudwatch_log_group" "example" {
   name = "tf-test-%d"
 }
 
+resource "aws_cloudwatch_log_resource_policy" "example" {
+  policy_name = "tf-cwlp-%d"
+  policy_document = <<CONFIG
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "es.amazonaws.com"
+      },
+      "Action": [
+        "logs:PutLogEvents",
+        "logs:PutLogEventsBatch",
+        "logs:CreateLogStream"
+      ],
+      "Resource": "arn:aws:logs:*"
+    }
+  ]
+}
+CONFIG
+}
+
 resource "aws_elasticsearch_domain" "example" {
   domain_name = "tf-test-%d"
   ebs_options {
     ebs_enabled = true
     volume_size = 10
   }
-	log_publishing_options {
-		log_type = "INDEX_SLOW_LOGS"
-		cloud_watch_logs_log_group_arn = "${aws_cloudwatch_log_group.example.arn}"
-	}
+  log_publishing_options {
+    log_type = "INDEX_SLOW_LOGS"
+    cloud_watch_logs_log_group_arn = "${aws_cloudwatch_log_group.example.arn}"
+  }
 }
-
-`, randInt, randInt)
+`, randInt, randInt, randInt)
 }
diff --git a/website/docs/r/elasticsearch_domain.html.markdown b/website/docs/r/elasticsearch_domain.html.markdown
@@ -60,6 +60,7 @@ The following arguments are supported:
 * `cluster_config` - (Optional) Cluster configuration of the domain, see below.
 * `snapshot_options` - (Optional) Snapshot related options, see below.
 * `vpc_options` - (Optional) VPC related options, see below. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)).
+* `log_publishing_options` - (Optional) Options for publishing slow logs to CloudWatch Logs.
 * `elasticsearch_version` - (Optional) The version of ElasticSearch to deploy. Defaults to `1.5`
 * `tags` - (Optional) A mapping of tags to assign to the resource
 
@@ -95,6 +96,11 @@ Security Groups and Subnets referenced in these attributes must all be within th
 * `automated_snapshot_start_hour` - (Required) Hour during which the service takes an automated daily
 	snapshot of the indices in the domain.
 
+**log_publishing_options** supports the following attribute:
+
+* `log_type` - (Required) A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS
+* `cloud_watch_logs_log_group_arn` - (Required) ARN of the Cloudwatch log group to which log needs to be published.
+* `enabled` - (Optional, Default: true) Specifies whether given log publishing option is enabled or not.
 
 ## Attributes Reference