From 858712a432dfed198430d9fa6b4beb6b8f3ba797 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 28 Jun 2022 12:44:54 +0100 Subject: [PATCH] Update Terraform cn-terraform/cloudwatch-logs/aws to v1.0.11 (#34) * Update Terraform cn-terraform/cloudwatch-logs/aws to v1.0.11 * Fix pipeline * Fix pipeline * Add CW encryption variables Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Julian Nonino --- .github/workflows/pipeline.yml | 12 ++++++++++++ README.md | 5 ++++- examples/test/mock_provider.tf | 24 ++++++++++++++++++++++-- main.tf | 7 +++++-- variables.tf | 23 ++++++++++++++++++++++- 5 files changed, 65 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 74550aa..69db187 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -6,6 +6,11 @@ on: types: [opened, reopened, synchronize] branches: [main] +env: + DEFAULT_REGION: us-east-1 + AWS_ACCESS_KEY_ID: localstack + AWS_SECRET_ACCESS_KEY: localstack + jobs: check-format: runs-on: ubuntu-latest @@ -40,6 +45,13 @@ jobs: matrix: { dir: ['examples/test'] } + services: + localstack: + image: localstack/localstack + env: + SERVICES: apigateway,cloudformation,cloudwatch,dynamodb,es,firehose,iam,kinesis,lambda,route53,redshift,s3,secretsmanager,ses,sns,sqs,ssm,stepfunctions,sts + ports: + - 4566:4566 steps: - name: Checkout repository uses: actions/checkout@v3 diff --git a/README.md b/README.md index 3e2d451..f596518 100644 --- a/README.md +++ b/README.md 
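Review bot: In the first hunk of `.github/workflows/pipeline.yml`, the new workflow-level `env:` block sets `AWS_ACCESS_KEY_ID: localstack` and `AWS_SECRET_ACCESS_KEY: localstack` for every job without saying that they are LocalStack placeholders. A comment above the block, such as `# Dummy credentials for the LocalStack service container; real AWS keys belong in repository secrets, never here`, would keep a later editor from swapping in live keys in plain text. `DEFAULT_REGION` is also not a name the Terraform AWS provider or the AWS SDKs read (`AWS_REGION` and `AWS_DEFAULT_REGION` are). As far as I can tell a workflow-level `env` reaches job steps rather than the service container, so the variable appears to have no effect unless a step outside this hunk consumes it.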
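Review bot: In the second hunk of `.github/workflows/pipeline.yml`, `image: localstack/localstack` carries no tag or digest, so each run pulls whatever `latest` resolves to and the test job can change behaviour without any commit to this repository. Pin it, for example `image: localstack/localstack:<tested-version>` or `image: localstack/localstack@sha256:<digest>` (placeholders for the release you have verified), and let Renovate propose the upgrades. Separately, `ports: - 4566:4566` publishes the service on the runner host, while `examples/test/mock_provider.tf` targets `http://localstack:4566`. That hostname resolves only when the job itself runs in a container, which cannot be confirmed here because the job definition starts above this hunk.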
@@ -53,7 +53,7 @@ In order to run all checks at any point run the following command:
 | Name | Source | Version |
 |------|--------|---------|
-| [aws\_cw\_logs](#module\_aws\_cw\_logs) | cn-terraform/cloudwatch-logs/aws | 1.0.10 |
+| [aws\_cw\_logs](#module\_aws\_cw\_logs) | cn-terraform/cloudwatch-logs/aws | 1.0.11 |
 | [ecs-cluster](#module\_ecs-cluster) | cn-terraform/ecs-cluster/aws | 1.0.10 |
 | [ecs-fargate-service](#module\_ecs-fargate-service) | cn-terraform/ecs-fargate-service/aws | 2.0.30 |
 | [td](#module\_td) | cn-terraform/ecs-fargate-task-definition/aws | 1.0.29 |
@@ -72,7 +72,10 @@ In order to run all checks at any point run the following command:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [create\_kms\_key](#input\_create\_kms\_key) | If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable `log_group_kms_key_id` | `bool` | `false` | no |
 | [enable\_autoscaling](#input\_enable\_autoscaling) | (Optional) If true, autoscaling alarms will be created. | `bool` | `true` | no |
+| [log\_group\_kms\_key\_id](#input\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | `string` | `null` | no |
+| [log\_group\_retention\_in\_days](#input\_log\_group\_retention\_in\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days. | `number` | `30` | no |
 | [name\_prefix](#input\_name\_prefix) | Name prefix for resources on AWS | `any` | n/a | yes |
 | [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of Private Subnets IDs | `list(any)` | n/a | yes |
 | [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of Public Subnets IDs | `list(any)` | n/a | yes |
diff --git a/examples/test/mock_provider.tf b/examples/test/mock_provider.tf
index 934ad5a..bcc022c 100644
--- a/examples/test/mock_provider.tf
+++ b/examples/test/mock_provider.tf
@@ -14,6 +14,26 @@ provider "aws" {
 skip_requesting_account_id = true
 skip_metadata_api_check = true
 s3_use_path_style = true
- access_key = "mock_access_key"
- secret_key = "mock_secret_key"
+
+ endpoints {
+ apigateway = "http://localstack:4566"
+ cloudformation = "http://localstack:4566"
+ cloudwatch = "http://localstack:4566"
+ dynamodb = "http://localstack:4566"
+ es = "http://localstack:4566"
+ firehose = "http://localstack:4566"
+ iam = "http://localstack:4566"
+ kinesis = "http://localstack:4566"
+ lambda = "http://localstack:4566"
+ route53 = "http://localstack:4566"
+ redshift = "http://localstack:4566"
+ s3 = "http://localstack:4566"
+ secretsmanager = "http://localstack:4566"
+ ses = "http://localstack:4566"
+ sns = "http://localstack:4566"
+ sqs = "http://localstack:4566"
+ ssm = "http://localstack:4566"
+ stepfunctions = "http://localstack:4566"
+ sts = "http://localstack:4566"
+ }
 }
diff --git a/main.tf b/main.tf
index 364e65b..c5034a2 100644
--- a/main.tf
+++ b/main.tf
@@ -3,10 +3,13 @@
 #------------------------------------------------------------------------------
 module "aws_cw_logs" {
 source = "cn-terraform/cloudwatch-logs/aws"
- version = "1.0.10"
+ version = "1.0.11"
 # source = "../terraform-aws-cloudwatch-logs"
- logs_path = "/ecs/service/${var.name_prefix}-jenkins-master"
+ create_kms_key = var.create_kms_key
+ log_group_kms_key_id = var.log_group_kms_key_id
+ log_group_retention_in_days = var.log_group_retention_in_days
+ logs_path = "/ecs/service/${var.name_prefix}-jenkins-master"
 }
 #------------------------------------------------------------------------------
diff --git a/variables.tf b/variables.tf
index 6a9b75b..740216b 100644
--- a/variables.tf
+++ b/variables.tf
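Review bot: The `endpoints` block added to `examples/test/mock_provider.tf` redirects nineteen services to LocalStack but omits the ones this module appears to use. The README lists CloudWatch Logs, ECS cluster and Fargate service sub-modules, and `main.tf` now passes `create_kms_key`, yet there is no override for CloudWatch Logs, ECS or KMS (the `cloudwatch` key covers the metrics API, not Logs). Any provider call to an unlisted service would go to the real AWS endpoint with the dummy credentials. Add the missing entries, e.g. `ecs = "http://localstack:4566"` and `kms = "http://localstack:4566"`, plus the CloudWatch Logs key for the provider version in use. The `provider "aws"` block opens above this hunk, so its region and remaining settings are not visible here.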
@@ -36,4 +36,25 @@ variable "enable_autoscaling" {
 description = "(Optional) If true, autoscaling alarms will be created."
 type = bool
 default = true
-}
\ No newline at end of file
+}
+
+#------------------------------------------------------------------------------
+# CloudWatch logs
+#------------------------------------------------------------------------------
+variable "create_kms_key" {
+ description = "If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable `log_group_kms_key_id`"
+ type = bool
+ default = false
+}
+
+variable "log_group_kms_key_id" {
+ description = "The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested."
+ type = string
+ default = null
+}
+
+variable "log_group_retention_in_days" {
+ description = "(Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days."
+ type = number
+ default = 30
+}
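Review bot: The description of `create_kms_key` in `variables.tf` says "Defaults true" while the declaration sets `default = false`. A reader who trusts the text will assume the Jenkins log group gets a dedicated KMS key, but with `log_group_kms_key_id` also defaulting to `null` no customer-managed key is configured at all. Make the two agree, either by changing the wording to `Defaults to false.` or by setting `default = true` if encryption with a module-created key is the intended default. The same sentence is repeated in the README inputs table and should be regenerated once the variable is corrected.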