From 008e6513564d405c56347bccd597a554aec9b941 Mon Sep 17 00:00:00 2001
From: magreenbaum
Date: Sun, 11 Dec 2022 14:45:58 -0500
Subject: [PATCH 01/10] manage cloudwatch log groups

---
 README.md | 4 ++++
 examples/postgresql/main.tf | 1 +
 main.tf | 16 ++++++++++++++++
 variables.tf | 22 ++++++++++++++++++++++
 4 files changed, 43 insertions(+)

diff --git a/README.md b/README.md
index 4e0b0684..b371824c 100644
--- a/README.md
+++ b/README.md
@@ -245,6 +245,7 @@ No modules.
 |------|------|
 | [aws_appautoscaling_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
 | [aws_appautoscaling_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
+| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_db_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
 | [aws_db_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
 | [aws_iam_role.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -285,11 +286,14 @@ No modules.
 | [backtrack\_window](#input\_backtrack\_window) | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | `number` | `null` | no |
 | [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for. Default `7` | `number` | `7` | no |
 | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no |
+| [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
+| [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | [cluster\_members](#input\_cluster\_members) | List of RDS Instances that are a part of this cluster | `list(string)` | `null` | no |
 | [cluster\_tags](#input\_cluster\_tags) | A map of tags to add to only the cluster.
Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no |
 | [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no |
 | [cluster\_use\_name\_prefix](#input\_cluster\_use\_name\_prefix) | Whether to use `name` as a prefix for the cluster | `bool` | `false` | no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy all Cluster `tags` to snapshots | `bool` | `null` | no |
+| [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
 | [create\_cluster](#input\_create\_cluster) | Whether cluster should be created (affects nearly all resources) | `bool` | `true` | no |
 | [create\_db\_cluster\_parameter\_group](#input\_create\_db\_cluster\_parameter\_group) | Determines whether a cluster parameter should be created or use existing | `bool` | `false` | no |
 | [create\_db\_parameter\_group](#input\_create\_db\_parameter\_group) | Determines whether a DB parameter should be created or use existing | `bool` | `false` | no |
diff --git a/examples/postgresql/main.tf b/examples/postgresql/main.tf
index 18c0c229..7658bb26 100644
--- a/examples/postgresql/main.tf
+++ b/examples/postgresql/main.tf
@@ -102,6 +102,7 @@ module "aurora" {
 ]
 enabled_cloudwatch_logs_exports = ["postgresql"]
+ create_cloudwatch_log_group = true
 tags = local.tags
 }
diff --git a/main.tf b/main.tf
index 0c26b637..f9451db8 100644
--- a/main.tf
+++ b/main.tf
@@ -164,6 +164,8 @@ resource "aws_rds_cluster" "this" {
 global_cluster_identifier,
 ]
 }
+
+ depends_on = [aws_cloudwatch_log_group.this]
 }

 ################################################################################
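Review bot: The new `depends_on = [aws_cloudwatch_log_group.this]` in `aws_rds_cluster.this` has no comment saying why the cluster must wait for the log groups, and nothing in the hunk makes the reason obvious. Presumably the ordering exists so the module-managed groups, which carry `retention_in_days` and `kms_key_id`, are in place before the cluster starts exporting, rather than RDS creating its own default groups first and the managed ones then failing to create; if so, a comment such as `# Create the log groups first so RDS does not create unmanaged ones (service-default retention, no CMK) when log export starts` would record it. The `aws_rds_cluster` block begins outside the hunk.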
@@ -426,3 +428,17 @@ resource "aws_db_parameter_group" "this" {

 tags = var.tags
 }
+
+################################################################################
+# CloudWatch Log Group
+################################################################################
+
+resource "aws_cloudwatch_log_group" "this" {
+ for_each = toset([for log in var.enabled_cloudwatch_logs_exports : log if local.create_cluster && var.create_cloudwatch_log_group])
+
+ name = "/aws/rds/cluster/${var.name}/${each.value}"
+ retention_in_days = var.cloudwatch_log_group_retention_in_days
+ kms_key_id = var.cloudwatch_log_group_kms_key_id
+
+ tags = var.tags
+}
diff --git a/variables.tf b/variables.tf
index f38e63ec..b2edbe96 100644
--- a/variables.tf
+++ b/variables.tf
@@ -672,3 +672,25 @@ variable "putin_khuylo" {
 type = bool
 default = true
 }
+
+################################################################################
+# CloudWatch Log Group
+################################################################################
+
+variable "create_cloudwatch_log_group" {
+ description = "Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports`"
+ type = bool
+ default = false
+}
+
+variable "cloudwatch_log_group_retention_in_days" {
+ description = "The number of days to retain CloudWatch logs for the DB instance"
+ type = number
+ default = 7
+}
+
+variable "cloudwatch_log_group_kms_key_id" {
+ description = "The ARN of the KMS Key to use when encrypting log data"
+ type = string
+ default = null
+}

From 20e07dc2aa37821d276b94f0a46ef901fddc8482 Mon Sep 17 00:00:00 2001
From: magreenbaum
Date: Fri, 16 Dec 2022 21:21:04 -0500
Subject: [PATCH 02/10] updates

---
 README.md | 1 +
 examples/global-cluster/main.tf | 12 +++++++-----
 examples/postgresql/README.md | 1 +
 examples/postgresql/outputs.tf | 9 +++++++++
 outputs.tf | 9 +++++++++
 5 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index b371824c..6bd8a4a5 100644
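Review bot: The log group name `"/aws/rds/cluster/${var.name}/${each.value}"` is built from `var.name`, but the README rows earlier in this patch document a `cluster_use_name_prefix` input under which the cluster identifier is not `var.name`; when that is set, RDS writes to a group named after the real identifier, the group created here stays empty, and the group that actually receives the logs gets none of the retention or KMS settings. Deriving the name from the same expression that produces the cluster identifier (it is outside this hunk) would keep the two aligned, and a comment such as `# Must match the path RDS uses for exported logs: /aws/rds/cluster/<cluster-identifier>/<log-type>` would make the coupling visible to the next maintainer. Note also that with `create_cloudwatch_log_group` left false the groups are still created by RDS on first export, only with the service-default retention and no customer-managed key; that is the pre-existing behaviour, but the input description should say so, since the default is what decides how long exported database logs are kept.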
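Review bot: `cloudwatch_log_group_retention_in_days` is an unconstrained `number`, yet CloudWatch Logs accepts only a fixed set of retention values; a `validation` block over that set (listed in the provider documentation for `aws_cloudwatch_log_group`) would turn a value such as 10 into a plan-time error instead of an apply-time failure. The description `"The number of days to retain CloudWatch logs for the DB instance"` also does not match the resource, which is created per cluster under `/aws/rds/cluster/…`; `description = "The number of days to retain CloudWatch logs for the DB cluster"` is more accurate. For `cloudwatch_log_group_kms_key_id`, the description should state that the key's policy must grant the regional CloudWatch Logs service principal use of the key, because without that grant the log group cannot be created with it and the failure surfaces only at apply time.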
--- a/README.md +++ b/README.md @@ -396,6 +396,7 @@ No modules. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_cluster\_parameter\_group\_arn](#output\_db\_cluster\_parameter\_group\_arn) | The ARN of the DB cluster parameter group created | | [db\_cluster\_parameter\_group\_id](#output\_db\_cluster\_parameter\_group\_id) | The ID of the DB cluster parameter group created | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | diff --git a/examples/global-cluster/main.tf b/examples/global-cluster/main.tf index 9f261330..5b034c20 100644 --- a/examples/global-cluster/main.tf +++ b/examples/global-cluster/main.tf @@ -52,11 +52,13 @@ module "aurora_primary" { instances = { for i in range(2) : i => {} } kms_key_id = aws_kms_key.primary.arn - vpc_id = module.primary_vpc.vpc_id - db_subnet_group_name = module.primary_vpc.database_subnet_group_name - create_db_subnet_group = false - create_security_group = true - allowed_cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks + vpc_id = module.primary_vpc.vpc_id + db_subnet_group_name = module.primary_vpc.database_subnet_group_name + create_db_subnet_group = false + create_security_group = true + allowed_cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks + enabled_cloudwatch_logs_exports = ["postgresql"] + create_cloudwatch_log_group = true skip_final_snapshot = true 
diff --git a/examples/postgresql/README.md b/examples/postgresql/README.md index 12cefab0..7770981d 100644 --- a/examples/postgresql/README.md +++ b/examples/postgresql/README.md @@ -67,6 +67,7 @@ No inputs. | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | | [db\_cluster\_parameter\_group\_arn](#output\_db\_cluster\_parameter\_group\_arn) | The ARN of the DB cluster parameter group created | | [db\_cluster\_parameter\_group\_id](#output\_db\_cluster\_parameter\_group\_id) | The ID of the DB cluster parameter group created | +| [db\_default\_cloudwatch\_log\_groups](#output\_db\_default\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | | [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | The ID of the DB parameter group created | | [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name | diff --git a/examples/postgresql/outputs.tf b/examples/postgresql/outputs.tf index 8c69dac5..2fe1eeb4 100644 --- a/examples/postgresql/outputs.tf +++ b/examples/postgresql/outputs.tf @@ -131,3 +131,12 @@ output "db_parameter_group_id" { description = "The ID of the DB parameter group created" value = module.aurora.db_parameter_group_id } + +################################################################################ +# Cloudwatch Log Group +################################################################################ + +output "db_default_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora.db_cluster_cloudwatch_log_groups +} diff --git a/outputs.tf b/outputs.tf index 52ab0312..2a9fe2bf 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -156,3 +156,12 @@ output "db_parameter_group_id" {
 description = "The ID of the DB parameter group created"
 value = try(aws_db_parameter_group.this[0].id, "")
 }
+
+################################################################################
+# CloudWatch Log Group
+################################################################################
+
+output "db_cluster_cloudwatch_log_groups" {
+ description = "Map of CloudWatch log groups created and their attributes"
+ value = aws_cloudwatch_log_group.this
+}

From bc914132342300f4a595784bcb7653d7c53cd373 Mon Sep 17 00:00:00 2001
From: magreenbaum
Date: Sat, 17 Dec 2022 16:41:03 -0500
Subject: [PATCH 03/10] updates

---
 examples/autoscaling/README.md | 1 +
 examples/autoscaling/outputs.tf | 6 ++++++
 examples/global-cluster/README.md | 2 ++
 examples/global-cluster/main.tf | 1 -
 examples/global-cluster/outputs.tf | 12 ++++++++++++
 examples/multi-az/README.md | 1 +
 examples/multi-az/outputs.tf | 9 +++++++++
 examples/mysql/README.md | 1 +
 examples/mysql/outputs.tf | 9 +++++++++
 examples/postgresql/README.md | 2 +-
 examples/postgresql/outputs.tf | 2 +-
 examples/s3-import/README.md | 1 +
 examples/s3-import/outputs.tf | 6 ++++++
 examples/serverless/README.md | 1 +
 examples/serverless/outputs.tf | 6 ++++++
 15 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/examples/autoscaling/README.md b/examples/autoscaling/README.md
index a88d688f..f984b22d 100644
--- a/examples/autoscaling/README.md
+++ b/examples/autoscaling/README.md
@@ -66,6 +66,7 @@ No inputs. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name | | [enhanced\_monitoring\_iam\_role\_arn](#output\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | | [enhanced\_monitoring\_iam\_role\_name](#output\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | diff --git a/examples/autoscaling/outputs.tf b/examples/autoscaling/outputs.tf index 2ba2da79..1e887a1a 100644 --- a/examples/autoscaling/outputs.tf +++ b/examples/autoscaling/outputs.tf @@ -107,3 +107,9 @@ output "security_group_id" { description = "The security group ID of the cluster" value = module.aurora.security_group_id } + +# Cloudwatch log groups +output "db_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora.db_cluster_cloudwatch_log_groups +} diff --git a/examples/global-cluster/README.md b/examples/global-cluster/README.md index 2cba25d0..00784618 100644 --- a/examples/global-cluster/README.md +++ b/examples/global-cluster/README.md 
@@ -58,6 +58,7 @@ No inputs. |------|-------------| | [mysql\_additional\_cluster\_endpoints](#output\_mysql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | | [mysql\_cluster\_arn](#output\_mysql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | +| [mysql\_cluster\_cloudwatch\_log\_groups](#output\_mysql\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [mysql\_cluster\_database\_name](#output\_mysql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | | [mysql\_cluster\_endpoint](#output\_mysql\_cluster\_endpoint) | Writer endpoint for the cluster | | [mysql\_cluster\_engine\_version\_actual](#output\_mysql\_cluster\_engine\_version\_actual) | The running version of the cluster database | @@ -78,6 +79,7 @@ No inputs. | [mysql\_security\_group\_id](#output\_mysql\_security\_group\_id) | The security group ID of the cluster | | [primary\_additional\_cluster\_endpoints](#output\_primary\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | | [primary\_cluster\_arn](#output\_primary\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | +| [primary\_cluster\_cloudwatch\_log\_groups](#output\_primary\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [primary\_cluster\_database\_name](#output\_primary\_cluster\_database\_name) | Name for an automatically created database on cluster creation | | [primary\_cluster\_endpoint](#output\_primary\_cluster\_endpoint) | Writer endpoint for the cluster | | [primary\_cluster\_engine\_version\_actual](#output\_primary\_cluster\_engine\_version\_actual) | The running version of the cluster database | diff --git a/examples/global-cluster/main.tf b/examples/global-cluster/main.tf index 5b034c20..bd7a207c 100644 --- a/examples/global-cluster/main.tf +++ b/examples/global-cluster/main.tf 
@@ -58,7 +58,6 @@ module "aurora_primary" { create_security_group = true allowed_cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks enabled_cloudwatch_logs_exports = ["postgresql"] - create_cloudwatch_log_group = true skip_final_snapshot = true diff --git a/examples/global-cluster/outputs.tf b/examples/global-cluster/outputs.tf index 6bb20e09..ef08560d 100644 --- a/examples/global-cluster/outputs.tf +++ b/examples/global-cluster/outputs.tf @@ -112,6 +112,12 @@ output "primary_security_group_id" { value = module.aurora_primary.security_group_id } +# Cloudwatch log groups +output "primary_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora_primary.db_cluster_cloudwatch_log_groups +} + ################################################################################ # RDS Aurora Module - Secondary ################################################################################ @@ -225,3 +231,9 @@ output "mysql_security_group_id" { description = "The security group ID of the cluster" value = module.aurora_secondary.security_group_id } + +# Cloudwatch log group +output "mysql_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora_secondary.db_cluster_cloudwatch_log_groups +} diff --git a/examples/multi-az/README.md b/examples/multi-az/README.md index 541139c8..c52f7241 100644 --- a/examples/multi-az/README.md +++ b/examples/multi-az/README.md 
@@ -60,6 +60,7 @@ No inputs. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_cluster\_parameter\_group\_arn](#output\_db\_cluster\_parameter\_group\_arn) | The ARN of the DB cluster parameter group created | | [db\_cluster\_parameter\_group\_id](#output\_db\_cluster\_parameter\_group\_id) | The ID of the DB cluster parameter group created | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | diff --git a/examples/multi-az/outputs.tf b/examples/multi-az/outputs.tf index 8c69dac5..a3304c60 100644 --- a/examples/multi-az/outputs.tf +++ b/examples/multi-az/outputs.tf @@ -131,3 +131,12 @@ output "db_parameter_group_id" { description = "The ID of the DB parameter group created" value = module.aurora.db_parameter_group_id } + +################################################################################ +# Cloudwatch Log Group +################################################################################ + +output "db_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora.db_cluster_cloudwatch_log_groups +} diff --git a/examples/mysql/README.md b/examples/mysql/README.md index 764e14ed..ce05e506 100644 --- a/examples/mysql/README.md +++ b/examples/mysql/README.md 
@@ -65,6 +65,7 @@ No inputs. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_cluster\_parameter\_group\_arn](#output\_db\_cluster\_parameter\_group\_arn) | The ARN of the DB cluster parameter group created | | [db\_cluster\_parameter\_group\_id](#output\_db\_cluster\_parameter\_group\_id) | The ID of the DB cluster parameter group created | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | diff --git a/examples/mysql/outputs.tf b/examples/mysql/outputs.tf index 8c69dac5..a3304c60 100644 --- a/examples/mysql/outputs.tf +++ b/examples/mysql/outputs.tf @@ -131,3 +131,12 @@ output "db_parameter_group_id" { description = "The ID of the DB parameter group created" value = module.aurora.db_parameter_group_id } + +################################################################################ +# Cloudwatch Log Group +################################################################################ + +output "db_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora.db_cluster_cloudwatch_log_groups +} diff --git a/examples/postgresql/README.md b/examples/postgresql/README.md index 7770981d..4dd61afc 100644 --- a/examples/postgresql/README.md +++ b/examples/postgresql/README.md 
@@ -65,9 +65,9 @@ No inputs. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_cluster\_parameter\_group\_arn](#output\_db\_cluster\_parameter\_group\_arn) | The ARN of the DB cluster parameter group created | | [db\_cluster\_parameter\_group\_id](#output\_db\_cluster\_parameter\_group\_id) | The ID of the DB cluster parameter group created | -| [db\_default\_cloudwatch\_log\_groups](#output\_db\_default\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | | [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | The ID of the DB parameter group created | | [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name | diff --git a/examples/postgresql/outputs.tf b/examples/postgresql/outputs.tf index 2fe1eeb4..a3304c60 100644 --- a/examples/postgresql/outputs.tf +++ b/examples/postgresql/outputs.tf @@ -136,7 +136,7 @@ output "db_parameter_group_id" { # Cloudwatch Log Group ################################################################################ -output "db_default_cloudwatch_log_groups" { +output "db_cluster_cloudwatch_log_groups" { description = "Map of CloudWatch log groups created and their attributes" value = module.aurora.db_cluster_cloudwatch_log_groups } diff --git a/examples/s3-import/README.md b/examples/s3-import/README.md index 98b2c0f5..d0691ef2 100644 
--- a/examples/s3-import/README.md +++ b/examples/s3-import/README.md @@ -102,6 +102,7 @@ No inputs. | [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | | [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID | | [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [db\_cluster\_cloudwatch\_log\_groups](#output\_db\_cluster\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name | | [enhanced\_monitoring\_iam\_role\_arn](#output\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | | [enhanced\_monitoring\_iam\_role\_name](#output\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | diff --git a/examples/s3-import/outputs.tf b/examples/s3-import/outputs.tf index 2ba2da79..a06f22c8 100644 --- a/examples/s3-import/outputs.tf +++ b/examples/s3-import/outputs.tf @@ -107,3 +107,9 @@ output "security_group_id" { description = "The security group ID of the cluster" value = module.aurora.security_group_id } + +# Cloudwatch Log Groups +output "db_cluster_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora.db_cluster_cloudwatch_log_groups +} diff --git a/examples/serverless/README.md b/examples/serverless/README.md index 913ebbf3..c770e8e7 100644 --- a/examples/serverless/README.md +++ b/examples/serverless/README.md 
@@ -100,6 +100,7 @@ No inputs. | [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | | [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | | [aurora\_postgresql\_v2\_security\_group\_id](#output\_aurora\_postgresql\_v2\_security\_group\_id) | The security group ID of the cluster | +| [db\_default\_cloudwatch\_log\_groups](#output\_db\_default\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [mysql\_additional\_cluster\_endpoints](#output\_mysql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | | [mysql\_cluster\_arn](#output\_mysql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | | [mysql\_cluster\_database\_name](#output\_mysql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | diff --git a/examples/serverless/outputs.tf b/examples/serverless/outputs.tf index 5d3f0bbb..82bb326a 100644 --- a/examples/serverless/outputs.tf +++ b/examples/serverless/outputs.tf @@ -454,3 +454,9 @@ output "aurora_postgresql_v2_security_group_id" { description = "The security group ID of the cluster" value = module.aurora_postgresql_v2.security_group_id } + +# Cloudwatch Log groups +output "db_default_cloudwatch_log_groups" { + description = "Map of CloudWatch log groups created and their attributes" + value = module.aurora_postgresql_v2.db_cluster_cloudwatch_log_groups +} From dac5c660458c861edcd4c0cdf920606ca4277563 Mon Sep 17 00:00:00 2001 
From: magreenbaum Date: Sat, 17 Dec 2022 23:02:31 -0500 Subject: [PATCH 04/10] update output naming --- examples/serverless/README.md | 2 +- examples/serverless/outputs.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/serverless/README.md b/examples/serverless/README.md index c770e8e7..ec8ecd83 100644 --- a/examples/serverless/README.md +++ b/examples/serverless/README.md @@ -100,7 +100,7 @@ No inputs. | [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | | [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | | [aurora\_postgresql\_v2\_security\_group\_id](#output\_aurora\_postgresql\_v2\_security\_group\_id) | The security group ID of the cluster | -| [db\_default\_cloudwatch\_log\_groups](#output\_db\_default\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | +| [aurora\_postresql\_v2\_cloudwatch\_log\_groups](#output\_aurora\_postresql\_v2\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [mysql\_additional\_cluster\_endpoints](#output\_mysql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | | [mysql\_cluster\_arn](#output\_mysql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | | [mysql\_cluster\_database\_name](#output\_mysql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | diff --git a/examples/serverless/outputs.tf b/examples/serverless/outputs.tf index 82bb326a..34eed051 100644 --- a/examples/serverless/outputs.tf +++ b/examples/serverless/outputs.tf 
@@ -456,7 +456,7 @@ output "aurora_postgresql_v2_security_group_id" { } # Cloudwatch Log groups -output "db_default_cloudwatch_log_groups" { +output "aurora_postresql_v2_cloudwatch_log_groups" { description = "Map of CloudWatch log groups created and their attributes" value = module.aurora_postgresql_v2.db_cluster_cloudwatch_log_groups } From 8a4f2aaf23c874445dc6be3b52195afac40410b8 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Mon, 19 Dec 2022 20:02:49 -0500 Subject: [PATCH 05/10] revert test --- examples/global-cluster/main.tf | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/examples/global-cluster/main.tf b/examples/global-cluster/main.tf index bd7a207c..9f261330 100644 --- a/examples/global-cluster/main.tf +++ b/examples/global-cluster/main.tf @@ -52,12 +52,11 @@ module "aurora_primary" { instances = { for i in range(2) : i => {} } kms_key_id = aws_kms_key.primary.arn - vpc_id = module.primary_vpc.vpc_id - db_subnet_group_name = module.primary_vpc.database_subnet_group_name - create_db_subnet_group = false - create_security_group = true - allowed_cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks - enabled_cloudwatch_logs_exports = ["postgresql"] + vpc_id = module.primary_vpc.vpc_id + db_subnet_group_name = module.primary_vpc.database_subnet_group_name + create_db_subnet_group = false + create_security_group = true + allowed_cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks skip_final_snapshot = true From cac3fe320069fb24d995464e68d659f0db7d4a1e Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 1 Jan 2023 10:49:09 -0500 Subject: [PATCH 06/10] fix: Update CI workflow to avoid hitting GitHub API rate limiting --- .github/workflows/pre-commit.yml | 23 ++++++++++++++--------- .pre-commit-config.yaml | 4 ++-- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index b8f1b8a5..cb826713 100644 --- a/.github/workflows/pre-commit.yml 
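Review bot: The new output name `aurora_postresql_v2_cloudwatch_log_groups` drops the `g` from `postgresql`, unlike the `module.aurora_postgresql_v2` reference on the value line and the sibling `aurora_postgresql_v2_*` outputs in the same file; the line should read `output "aurora_postgresql_v2_cloudwatch_log_groups" {`. The README row added in the same patch carries the identical misspelling and would be regenerated by terraform-docs once the output is renamed, so fixing it here is enough. Because output names are part of the example's interface, it is cheaper to correct this before anything starts referencing it.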
+++ b/.github/workflows/pre-commit.yml @@ -8,6 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 + TFLINT_VERSION: v0.44.1 jobs: collectInputs: @@ -17,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.3.0 + uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 preCommitMinVersions: name: Min TF pre-commit @@ -32,28 +33,30 @@ jobs: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.3 + uses: clowdhaus/terraform-min-max@v1.2.4 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' preCommitMaxVersion: 
@@ -62,17 +65,19 @@ jobs: needs: collectInputs steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.3 + uses: clowdhaus/terraform-min-max@v1.2.4 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} + tflint-version: ${{ env.TFLINT_VERSION }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} + install-hcledit: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6a8a23ae..d5886a6d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.75.0 + rev: v1.77.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer From b8f1e675c96164f3943d24707175e4254df21354 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 1 Jan 2023 10:54:37 -0500 Subject: [PATCH 07/10] fix: Revert versions till changes are made properly in #335 --- .github/workflows/pre-commit.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb826713..97b1695a 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
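Review bot: The `uses:` references updated in this hunk, and in the hunks at `-8`, `-17` and `-32` of the same file, are pinned to mutable tags (`actions/checkout@v3`, `clowdhaus/terraform-min-max@v1.2.4`, `clowdhaus/terraform-composite-actions/pre-commit@v1.8.3`), so the code that actually runs in CI can change with no diff in this repository; this particular job also checks out `github.event.pull_request.head.repo.full_name` at the PR head and now adds `install-hcledit: true`, so it runs more third-party tooling against contributor-controlled content than before. Pinning each action to the full commit SHA of the intended release with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the workflow reproducible and still lets Dependabot or Renovate propose updates. The later patches on this page revert these version changes while the CI failure is investigated, but the pinning point applies equally to the values they restore.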
@@ -22,7 +22,7 @@ jobs: - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 + uses: clowdhaus/terraform-composite-actions/directories@v1.3.0 preCommitMinVersions: name: Min TF pre-commit @@ -37,14 +37,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.0.3 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -53,7 +53,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -72,10 +72,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.0.3 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} From ff3c89b36b2066a256f50d9fa63f300c22fe5253 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Sun, 1 Jan 2023 11:00:32 -0500 Subject: [PATCH 08/10] revert: Put CI workflow file back to original to see if we can get it to pass --- .github/workflows/pre-commit.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 97b1695a..b8f1b8a5 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,6 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.44.1 jobs: collectInputs: @@ -18,7 +17,7 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v2 - name: Get root directories id: dirs @@ -33,7 +32,7 @@ jobs: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v2 - name: Terraform min/max versions id: minMax @@ -47,7 +46,6 @@ jobs: uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} @@ -56,7 +54,6 @@ jobs: uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' preCommitMaxVersion: @@ -65,7 +62,7 @@ jobs: needs: collectInputs steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} 
@@ -78,6 +75,4 @@ jobs: uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} - tflint-version: ${{ env.TFLINT_VERSION }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} - install-hcledit: true From ae4703a920fba7d860fc2ee88fe06304a66c7738 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Sun, 12 Feb 2023 10:21:28 -0500 Subject: [PATCH 09/10] add conditional to prevent log group creation if using cluster name prefix --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 40ee91c7..dbf8affd 100644 --- a/main.tf +++ b/main.tf @@ -442,7 +442,7 @@ resource "aws_db_parameter_group" "this" { ################################################################################ resource "aws_cloudwatch_log_group" "this" { - for_each = toset([for log in var.enabled_cloudwatch_logs_exports : log if local.create_cluster && var.create_cloudwatch_log_group]) + for_each = toset([for log in var.enabled_cloudwatch_logs_exports : log if local.create_cluster && var.create_cloudwatch_log_group && !var.cluster_use_name_prefix]) name = "/aws/rds/cluster/${var.name}/${each.value}" retention_in_days = var.cloudwatch_log_group_retention_in_days From a8c1bb84d3a10743626003eb2d0f8a5f36ff9aa4 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Sun, 12 Feb 2023 16:05:44 -0500 Subject: [PATCH 10/10] add comment for clarity --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index dbf8affd..08b01e60 100644 --- a/main.tf +++ b/main.tf 
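Review bot: With `cluster_use_name_prefix = true` the added `!var.cluster_use_name_prefix` term silently turns `create_cloudwatch_log_group = true` into a no-op, so the `retention_in_days` set on the last visible line (and anything else the resource configures past the end of the hunk) never applies and nothing in the plan tells the caller. The cause is visible on the `name` line: the path is built from `var.name`, which would not match a generated, prefixed cluster identifier. As far as I know RDS then creates the missing `/aws/rds/cluster/<id>/<log>` groups itself on first delivery, with no expiry and default encryption, so the retention and key the caller asked for are quietly lost; please confirm against the provider docs. At minimum the `create_cloudwatch_log_group` and `cluster_use_name_prefix` variable descriptions should state this interaction, and a comment on the `for_each` such as `# Skipped when cluster_use_name_prefix is set: the identifier is generated, so a group named from var.name would never receive the exported logs` would explain the new term; a `precondition` on the cluster resource (outside this hunk) that rejects both flags together would make the conflict fail the plan instead. The resource block continues outside the hunk.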
@@ -441,6 +441,7 @@ resource "aws_db_parameter_group" "this" { # CloudWatch Log Group ################################################################################ +# Log groups will not be created if using a cluster identifier prefix resource "aws_cloudwatch_log_group" "this" { for_each = toset([for log in var.enabled_cloudwatch_logs_exports : log if local.create_cluster && var.create_cloudwatch_log_group && !var.cluster_use_name_prefix])