CAT-23836 Added log_delivery_configuration

ehirsch-3pg · ehirsch-3pg · commit 3be9a258033e · 2024-04-10T17:50:15.000+03:00
diff --git a/examples/logs-cloudwatch/.gitignore b/examples/logs-cloudwatch/.gitignore
@@ -0,0 +1,2 @@
+backend.tf
+provider.tf
diff --git a/examples/logs-cloudwatch/.terraform.lock.hcl b/examples/logs-cloudwatch/.terraform.lock.hcl
diff --git a/examples/logs-cloudwatch/main.tf b/examples/logs-cloudwatch/main.tf
@@ -0,0 +1,11 @@
+module "redis" {
+  source = "../.."
+
+  create_dns = false
+  create_log_group = true
+
+  organization = var.organization
+  environment  = var.environment
+  product      = var.product
+  repo         = var.repo
+}
diff --git a/examples/logs-cloudwatch/outputs.tf b/examples/logs-cloudwatch/outputs.tf
@@ -0,0 +1,39 @@
+output "name" {
+  description = "The name of the ElastiCache replication group"
+  value       = module.redis.name
+}
+
+output "arn" {
+  description = "The ARN of the ElastiCache replication group"
+  value       = module.redis.arn
+}
+
+output "sg_ids" {
+  description = "The security group ids"
+  value       = module.redis.sg_ids
+}
+
+output "engine_version_actual" {
+  description = "Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine."
+  value       = module.redis.engine_version_actual
+}
+
+output "member_clusters" {
+  description = "Identifiers of all the nodes that are part of this replication group."
+  value       = module.redis.member_clusters
+}
+
+output "primary_endpoint_address" {
+  description = "Address of the endpoint for the primary node in the replication group."
+  value       = module.redis.primary_endpoint_address
+}
+
+output "reader_endpoint_address" {
+  description = "Address of the endpoint for the reader node in the replication group."
+  value       = module.redis.reader_endpoint_address
+}
+
+output "tags" {
+  description = "The tags"
+  value       = module.redis.tags
+}
diff --git a/examples/logs-cloudwatch/sample-backend.tf b/examples/logs-cloudwatch/sample-backend.tf
@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "my-bucket-tfstate"
+#     key            = "example-terraform-aws-elasticache-redis-standalone-no-dns"
+#     profile        = "my-profile"
+#     region         = "us-east-1"
+#     dynamodb_table = "terraform-lock"
+#   }
+# }
diff --git a/examples/logs-cloudwatch/sample-provider.tf b/examples/logs-cloudwatch/sample-provider.tf
@@ -0,0 +1,12 @@
+# provider "aws" {
+#   region  = "us-east-1"
+#   profile = "my-profile"
+#   default_tags {
+#     tags = {
+#       product      = var.product
+#       environment  = var.environment
+#       repo         = var.repo
+#       organization = var.organization
+#     }
+#   }
+# }
diff --git a/examples/logs-cloudwatch/tags.tf b/examples/logs-cloudwatch/tags.tf
@@ -0,0 +1,45 @@
+variable "environment" {
+  description = "Environment (sharedtools, dev, staging, prod)"
+  type        = string
+
+  default = "sharedtools"
+
+  validation {
+    condition     = contains(["sharedtools", "dev", "staging", "prod"], var.environment)
+    error_message = "The environment variable must be one of [sharedtools, dev, staging, prod]."
+  }
+}
+
+variable "product" {
+  description = "Tag used to group resources according to application"
+
+  default = "ex-tf-redis-no-dns"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.product))
+    error_message = "The product variable violates approved regex."
+  }
+}
+
+variable "repo" {
+  description = "Tag used to point to the repo using this module"
+
+  default = "https://github.com/pbs/terraform-elasticache-redis-standalone-module.git"
+
+  validation {
+    condition     = can(regex("(?:git|ssh|https?|git@[-\\w.]+):(\\/\\/)?(.*?)(\\.git)(\\/?|\\#[-\\d\\w._]+?)$", var.repo))
+    error_message = "The repo variable violates approved regex."
+  }
+}
+
+variable "organization" {
+  description = "Organization using this module. Used to prefix tags so that they are easily identified as being from your organization"
+  type        = string
+
+  default = "example"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.organization))
+    error_message = "The organization variable violates approved regex."
+  }
+}
diff --git a/examples/logs-kinesis/.gitignore b/examples/logs-kinesis/.gitignore
@@ -0,0 +1,2 @@
+backend.tf
+provider.tf
diff --git a/examples/logs-kinesis/.terraform.lock.hcl b/examples/logs-kinesis/.terraform.lock.hcl
diff --git a/examples/logs-kinesis/main.tf b/examples/logs-kinesis/main.tf
@@ -0,0 +1,14 @@
+module "redis" {
+  source = "../.."
+
+  create_dns = false
+  log_destination      = "some-kinesis-stream-name"
+  log_destination_type = "kinesis-firehose"
+  log_format           = "json"
+  log_type             = "engine-log"
+
+  organization = var.organization
+  environment  = var.environment
+  product      = var.product
+  repo         = var.repo
+}
diff --git a/examples/logs-kinesis/outputs.tf b/examples/logs-kinesis/outputs.tf
@@ -0,0 +1,39 @@
+output "name" {
+  description = "The name of the ElastiCache replication group"
+  value       = module.redis.name
+}
+
+output "arn" {
+  description = "The ARN of the ElastiCache replication group"
+  value       = module.redis.arn
+}
+
+output "sg_ids" {
+  description = "The security group ids"
+  value       = module.redis.sg_ids
+}
+
+output "engine_version_actual" {
+  description = "Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine."
+  value       = module.redis.engine_version_actual
+}
+
+output "member_clusters" {
+  description = "Identifiers of all the nodes that are part of this replication group."
+  value       = module.redis.member_clusters
+}
+
+output "primary_endpoint_address" {
+  description = "Address of the endpoint for the primary node in the replication group."
+  value       = module.redis.primary_endpoint_address
+}
+
+output "reader_endpoint_address" {
+  description = "Address of the endpoint for the reader node in the replication group."
+  value       = module.redis.reader_endpoint_address
+}
+
+output "tags" {
+  description = "The tags"
+  value       = module.redis.tags
+}
diff --git a/examples/logs-kinesis/sample-backend.tf b/examples/logs-kinesis/sample-backend.tf
@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "my-bucket-tfstate"
+#     key            = "example-terraform-aws-elasticache-redis-standalone-no-dns"
+#     profile        = "my-profile"
+#     region         = "us-east-1"
+#     dynamodb_table = "terraform-lock"
+#   }
+# }
diff --git a/examples/logs-kinesis/sample-provider.tf b/examples/logs-kinesis/sample-provider.tf
@@ -0,0 +1,12 @@
+# provider "aws" {
+#   region  = "us-east-1"
+#   profile = "my-profile"
+#   default_tags {
+#     tags = {
+#       product      = var.product
+#       environment  = var.environment
+#       repo         = var.repo
+#       organization = var.organization
+#     }
+#   }
+# }
diff --git a/examples/logs-kinesis/tags.tf b/examples/logs-kinesis/tags.tf
@@ -0,0 +1,45 @@
+variable "environment" {
+  description = "Environment (sharedtools, dev, staging, prod)"
+  type        = string
+
+  default = "sharedtools"
+
+  validation {
+    condition     = contains(["sharedtools", "dev", "staging", "prod"], var.environment)
+    error_message = "The environment variable must be one of [sharedtools, dev, staging, prod]."
+  }
+}
+
+variable "product" {
+  description = "Tag used to group resources according to application"
+
+  default = "ex-tf-redis-no-dns"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.product))
+    error_message = "The product variable violates approved regex."
+  }
+}
+
+variable "repo" {
+  description = "Tag used to point to the repo using this module"
+
+  default = "https://github.com/pbs/terraform-elasticache-redis-standalone-module.git"
+
+  validation {
+    condition     = can(regex("(?:git|ssh|https?|git@[-\\w.]+):(\\/\\/)?(.*?)(\\.git)(\\/?|\\#[-\\d\\w._]+?)$", var.repo))
+    error_message = "The repo variable violates approved regex."
+  }
+}
+
+variable "organization" {
+  description = "Organization using this module. Used to prefix tags so that they are easily identified as being from your organization"
+  type        = string
+
+  default = "example"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.organization))
+    error_message = "The organization variable violates approved regex."
+  }
+}
diff --git a/locals.tf b/locals.tf
@@ -1,12 +1,16 @@
 locals {
   name                = var.name != null ? var.name : var.product
+  service_name        = var.service_name != null ? var.service_name : local.name
   security_group_ids  = var.security_group_ids != null ? var.security_group_ids : [aws_security_group.sg.id]
   subnet_group_name   = var.subnet_group_name != null ? var.subnet_group_name : aws_elasticache_subnet_group.subnet_group.id
   vpc_id              = var.vpc_id != null ? var.vpc_id : data.aws_vpc.vpc[0].id
   subnets             = var.subnets != null ? var.subnets : data.aws_subnets.private_subnets[0].ids
   cname               = var.cname != null ? var.cname : "${local.name}-cache"
   private_hosted_zone = var.create_dns ? data.aws_route53_zone.private_hosted_zone[0].zone_id : null
 
+  log_destination  = var.log_destination != null ? var.log_destination : "/ecs/${local.service_name}"
+  create_log_group = var.log_destination == null ? var.create_log_group : false
+
   vpc_data_lookup_tags = var.vpc_data_lookup_tags != null ? var.vpc_data_lookup_tags : {
     "environment" : var.environment
   }
diff --git a/logs.tf b/logs.tf
@@ -0,0 +1,16 @@
+resource "aws_cloudwatch_log_group" "logs" {
+  count = local.create_log_group == true ? 1 : 0
+
+  name = local.log_destination
+
+  retention_in_days = var.retention_in_days
+
+  log_group_class = var.log_group_class
+
+  tags = {
+    Name        = "${local.service_name} Log Group"
+    application = var.product
+    environment = var.environment
+    creator     = local.creator
+  }
+}
diff --git a/main.tf b/main.tf
@@ -29,5 +29,15 @@ resource "aws_elasticache_replication_group" "replication_group" {
   transit_encryption_enabled  = var.transit_encryption_enabled
   user_group_ids              = var.user_group_ids
 
+  dynamic "log_delivery_configuration" {
+    for_each = local.create_log_group ? [1] : []
+    content {
+      destination      = local.log_destination
+      destination_type = var.log_destination_type
+      log_format       = var.log_format
+      log_type         = var.log_type
+    }
+  }
+
   tags = local.tags
 }
diff --git a/optional-logs.tf b/optional-logs.tf
@@ -0,0 +1,47 @@
+variable "create_log_group" {
+  description = "Flag for creating a CloudWatch log group."
+  default     = false
+  type        = bool
+}
+
+variable "service_name" {
+  description = "Name of the service running this task. Only important here because the AWS console defaults to `/ecs/service_name` when displaying logs for a service"
+  default     = null
+  type        = string
+}
+
+variable "log_group_class" {
+  description = "Log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS."
+  default     = "INFREQUENT_ACCESS"
+  type        = string
+}
+
+variable "retention_in_days" {
+  description = "Log retention in days"
+  default     = 7
+  type        = number
+}
+
+variable "log_destination" {
+  description = "Name of externally created CloudWatch Logs LogGroup or Kinesis Data Firehose resource. If any specified, create_log_group will be ignored."
+  default     = null
+  type        = string
+}
+
+variable "log_destination_type" {
+  description = "For CloudWatch Logs use cloudwatch-logs or for Kinesis Data Firehose use kinesis-firehose."
+  default     = "cloudwatch-logs"
+  type        = string
+}
+
+variable "log_format" {
+  description = "Log format with valid values of json or text."
+  default     = "text"
+  type        = string
+}
+
+variable "log_type" {
+  description = "Log type with valid values of slow-log or engine-log."
+  default     = "slow-log"
+  type        = string
+}
