Commit

feat: Support aws_cloudwatch_query_definition and add `skip_destroy` argument to `aws_cloudwatch_log_group` (#60)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
Co-authored-by: magreenbaum <magreenbaum>
magreenbaum and bryantbiggs authored Dec 12, 2023
1 parent 81f852a commit 5cc5efb
Showing 26 changed files with 345 additions and 7 deletions.
17 changes: 17 additions & 0 deletions README.md
Expand Up @@ -120,13 +120,30 @@ module "cis_alarms" {

AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).

### Query Definition

```hcl
module "query_definition" {
source = "terraform-aws-modules/cloudwatch/aws//modules/query-definition"
version = "~> 4.0"
name = "my-query-definition"
log_group_names = ["my-log-group-name"]
query_string = <<EOF
fields @timestamp, @message
| sort @timestamp desc
| limit 25
EOF
}
```
## Examples

- [Complete Cloudwatch log metric filter and alarm](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/complete-log-metric-filter-and-alarm)
- [Cloudwatch log group with log stream](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/log-group-with-log-stream)
- [Cloudwatch metric alarms for AWS Lambda](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/lambda-metric-alarm)
- [Cloudwatch metric alarms for AWS Lambda with multiple dimensions](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/multiple-lambda-metric-alarm)
- [CIS AWS Foundations Controls: Metrics + Alarms](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/cis-alarms)
- [Cloudwatch query definition](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/query-definition)

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
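
Review bot: in the new Query Definition usage block, `version = "~> 4.0"` also admits 4.x releases that predate `modules/query-definition`, which this commit creates, so the constraint does not guarantee the submodule is present. Pin it to the first release that ships the submodule, and state next to the snippet that this submodule requires AWS provider `>= 5.0` while the other modules touched here only move to `>= 4.40`.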
2 changes: 1 addition & 1 deletion examples/complete-log-metric-filter-and-alarm/README.md
Expand Up @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |

## Providers

2 changes: 1 addition & 1 deletion examples/complete-log-metric-filter-and-alarm/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
version = ">= 4.40"
}
}
}
2 changes: 1 addition & 1 deletion examples/log-group-with-log-stream/README.md
Expand Up @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |

## Providers

2 changes: 1 addition & 1 deletion examples/log-group-with-log-stream/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
version = ">= 4.40"
}
}
}
51 changes: 51 additions & 0 deletions examples/query-definition/README.md
@@ -0,0 +1,51 @@
# Cloudwatch query definition example

Configuration in this directory creates a Cloudwatch query definition for a specific Cloudwatch log group.

## Usage

To run this example you need to execute:

```bash
$ terraform init
$ terraform plan
$ terraform apply
```

Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_log_group"></a> [log\_group](#module\_log\_group) | ../../modules/log-group | n/a |
| <a name="module_query_definition"></a> [query\_definition](#module\_query\_definition) | ../../modules/query-definition | n/a |

## Resources

No resources.

## Inputs

No inputs.

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_cloudwatch_log_group_arn"></a> [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | ARN of Cloudwatch log group |
| <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of Cloudwatch log group |
| <a name="output_cloudwatch_query_definition_id"></a> [cloudwatch\_query\_definition\_id](#output\_cloudwatch\_query\_definition\_id) | The query definition id |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
24 changes: 24 additions & 0 deletions examples/query-definition/main.tf
@@ -0,0 +1,24 @@
provider "aws" {
region = "eu-west-1"
}

module "log_group" {
source = "../../modules/log-group"

name_prefix = "my-log-group-"
retention_in_days = 7
}

module "query_definition" {
source = "../../modules/query-definition"

name = "query-example"
log_group_names = [
module.log_group.cloudwatch_log_group_name
]
query_string = <<EOF
fields @timestamp, @message
| sort @timestamp desc
| limit 25
EOF
}
14 changes: 14 additions & 0 deletions examples/query-definition/outputs.tf
@@ -0,0 +1,14 @@
output "cloudwatch_log_group_name" {
description = "Name of Cloudwatch log group"
value = module.log_group.cloudwatch_log_group_name
}

output "cloudwatch_log_group_arn" {
description = "ARN of Cloudwatch log group"
value = module.log_group.cloudwatch_log_group_arn
}

output "cloudwatch_query_definition_id" {
description = "The query definition id"
value = module.query_definition.cloudwatch_query_definition_id
}
Empty file.
10 changes: 10 additions & 0 deletions examples/query-definition/versions.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
}
}
}
5 changes: 3 additions & 2 deletions modules/log-group/README.md
Expand Up @@ -6,13 +6,13 @@
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40 |

## Modules

Expand All @@ -33,6 +33,7 @@ No modules.
| <a name="input_name"></a> [name](#input\_name) | A name for the log group | `string` | `null` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A name prefix for the log group | `string` | `null` | no |
| <a name="input_retention_in_days"></a> [retention\_in\_days](#input\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no |
| <a name="input_skip_destroy"></a> [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to Cloudwatch log group | `map(string)` | `{}` | no |

## Outputs
1 change: 1 addition & 0 deletions modules/log-group/main.tf
Expand Up @@ -5,6 +5,7 @@ resource "aws_cloudwatch_log_group" "this" {
name_prefix = var.name_prefix
retention_in_days = var.retention_in_days
kms_key_id = var.kms_key_id
skip_destroy = var.skip_destroy

tags = var.tags
}
6 changes: 6 additions & 0 deletions modules/log-group/variables.tf
Expand Up @@ -33,6 +33,12 @@ variable "kms_key_id" {
default = null
}

variable "skip_destroy" {
description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
type = bool
default = null
}

variable "tags" {
description = "A map of tags to add to Cloudwatch log group"
type = map(string)
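
Review bot: `skip_destroy` is declared with `default = null` rather than an explicit boolean, so the generated README shows `null` and a reader cannot tell what happens when the input is left unset; consider `default = false` if that is the intended behaviour. The description should also spell out the operational consequence: with `true`, `terraform destroy` leaves the log group and its contents in the account and out of state, so `retention_in_days` (also `null` by default in this module's inputs) and `kms_key_id` are the settings that keep governing that data after Terraform stops tracking it.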
2 changes: 1 addition & 1 deletion modules/log-group/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
version = ">= 4.40"
}
}
}
41 changes: 41 additions & 0 deletions modules/query-definition/README.md
@@ -0,0 +1,41 @@
# query-definition

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_query_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_query_definition) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_create"></a> [create](#input\_create) | Whether to create the Cloudwatch query definition | `bool` | `true` | no |
| <a name="input_log_group_names"></a> [log\_group\_names](#input\_log\_group\_names) | Specific log groups to use with the query. | `list(string)` | `null` | no |
| <a name="input_name"></a> [name](#input\_name) | The name of the query. | `string` | n/a | yes |
| <a name="input_query_string"></a> [query\_string](#input\_query\_string) | The The query to save. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_cloudwatch_query_definition_id"></a> [cloudwatch\_query\_definition\_id](#output\_cloudwatch\_query\_definition\_id) | The query definition id. |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
7 changes: 7 additions & 0 deletions modules/query-definition/main.tf
@@ -0,0 +1,7 @@
resource "aws_cloudwatch_query_definition" "this" {
count = var.create ? 1 : 0

name = var.name
query_string = var.query_string
log_group_names = var.log_group_names
}
4 changes: 4 additions & 0 deletions modules/query-definition/outputs.tf
@@ -0,0 +1,4 @@
output "cloudwatch_query_definition_id" {
description = "The query definition id."
value = try(aws_cloudwatch_query_definition.this[0].query_definition_id, "")
}
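
Review bot: `try(aws_cloudwatch_query_definition.this[0].query_definition_id, "")` yields an empty string when `create = false`, and the description "The query definition id." gives no hint of that, so a caller that passes the output on cannot tell an unset id from a real one without a string comparison. Consider `null` as the fallback, or document the empty-string case in the description.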
21 changes: 21 additions & 0 deletions modules/query-definition/variables.tf
@@ -0,0 +1,21 @@
variable "create" {
description = "Whether to create the Cloudwatch query definition"
type = bool
default = true
}

variable "name" {
description = "The name of the query."
type = string
}

variable "query_string" {
description = "The The query to save."
type = string
}

variable "log_group_names" {
description = "Specific log groups to use with the query."
type = list(string)
default = null
}
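
Review bot: the `query_string` description reads "The The query to save." (duplicated word); fix it here and regenerate modules/query-definition/README.md, which carries the same text. Also, `log_group_names` defaults to `null` with only "Specific log groups to use with the query." as documentation; say what the saved query is scoped to when the list is omitted.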
10 changes: 10 additions & 0 deletions modules/query-definition/versions.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
}
}
}
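
Review bot: the provider floor here is `version = ">= 5.0"`, while modules/log-group in this same commit is raised only to `>= 4.40`, and neither the commit message nor the three arguments set in main.tf (`name`, `query_string`, `log_group_names`) explains the higher floor. State which feature requires 5.0, or align the constraint with the rest of the repository so that users on 4.x are not forced to upgrade for this submodule.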
1 change: 1 addition & 0 deletions wrappers/log-group/main.tf
Expand Up @@ -8,5 +8,6 @@ module "wrapper" {
name_prefix = try(each.value.name_prefix, var.defaults.name_prefix, null)
retention_in_days = try(each.value.retention_in_days, var.defaults.retention_in_days, null)
kms_key_id = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
skip_destroy = try(each.value.skip_destroy, var.defaults.skip_destroy, null)
tags = try(each.value.tags, var.defaults.tags, {})
}
1 change: 1 addition & 0 deletions wrappers/log-metric-filter/main.tf
Expand Up @@ -12,4 +12,5 @@ module "wrapper" {
metric_transformation_value = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
metric_transformation_unit = try(each.value.metric_transformation_unit, var.defaults.metric_transformation_unit, null)
metric_transformation_dimensions = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
}
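
Review bot: the change to wrappers/log-metric-filter is outside the scope stated in the commit title: the file header reports one added line, and every argument in the hunk is a `metric_transformation_*` input, none of them related to the query definition or `skip_destroy` work. Call the wrapper change out in the commit message or move it to its own commit, so the history of the log-metric-filter wrapper stays searchable.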