Terraform Trailwatch Modules

Relational Database Service (RDS)

About

This Terraform module creates CloudWatch Log Metric Filters and associated Alarms for monitoring Amazon RDS instances and clusters based on specified event names. It helps ensure that critical changes to RDS resources are monitored effectively and alerts are sent to a pre-existing SNS topic.

Features

  • Creates CloudWatch Log Metric Filters for specified RDS instances and clusters.
  • Creates CloudWatch Alarms that trigger based on metrics from the filters.
  • Flexible configuration for events to monitor and alarm settings.

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.0 |
| aws | ~> 5.46 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cw_log_group_name | The name of the CloudWatch log group storing CloudTrail logs. | string | n/a | yes |
| cw_metric_filter_alarm_actions | The list of actions to execute when the alarm transitions into an ALARM state from any other state. | list(string) | [] | no |
| cw_metric_filter_alarm_comparison_operator | The comparison operator for the CloudWatch metric filter alarm. | string | "GreaterThanOrEqualToThreshold" | no |
| cw_metric_filter_alarm_evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | 1 | no |
| cw_metric_filter_alarm_period | The period in seconds over which the specified statistic is applied. | number | 300 | no |
| cw_metric_filter_alarm_statistic | The statistic to apply to the alarm's associated metric. | string | "Sum" | no |
| cw_metric_filter_alarm_threshold | The value against which the specified statistic is compared. | number | 1 | no |
| cw_metric_filter_namespace | The namespace for the CloudWatch metric filter. | string | "RDS/Monitoring" | no |
| cw_metric_filter_value | The value to publish to the CloudWatch metric. | string | "1" | no |
| rds_db_cluster_events | List of RDS cluster-related events to monitor. | list(string) | ["CreateDBCluster", "DeleteDBCluster", "ModifyDBCluster", "CreateDBClusterSnapshot", "DeleteDBClusterSnapshot", "RestoreDBClusterFromS3", "FailoverDBCluster", "AddRoleToDBCluster", "RemoveRoleFromDBCluster"] | no |
| rds_db_identifiers | The list of RDS database identifiers to monitor. | list(string) | n/a | yes |
| rds_db_instance_events | List of RDS instance-related events to monitor. | list(string) | ["DeleteDBInstance", "ModifyDBInstance", "RebootDBInstance", "CreateDBSnapshot", "DeleteDBSnapshot", "RestoreDBInstanceFromDBSnapshot"] | no |
| rds_db_parameter_group_events | List of RDS parameter group-related events to monitor. | list(string) | ["CreateDBParameterGroup", "DeleteDBParameterGroup", "ModifyDBParameterGroup"] | no |
| rds_db_security_group_events | List of RDS security group-related events to monitor. | list(string) | ["CreateDBSecurityGroup", "DeleteDBSecurityGroup", "ModifyDBSecurityGroup"] | no |
| rds_db_type | The type of the RDS database: 'instance' for RDS instance or 'cluster' for RDS cluster. | string | "instance" | no |

Simple Example

# database type: `instance`
module "terraform_trailwatch_rds" {
  source                         = "terraform-trailwatch-modules/rds/aws"
  rds_db_identifiers             = ["acme-database-1"]
  cw_log_group_name              = "the-cloudtrail-log-group"
  cw_metric_filter_alarm_actions = ["arn:aws:sns:region:account-id:sns-topic"]
}

# database type: `cluster` (module name differs from the instance call so both can live in one configuration)
module "terraform_trailwatch_rds_cluster" {
  source                         = "terraform-trailwatch-modules/rds/aws"
  rds_db_identifiers             = ["acme-database-1"]
  rds_db_type                    = "cluster"
  cw_log_group_name              = "the-cloudtrail-log-group"
  cw_metric_filter_alarm_actions = ["arn:aws:sns:region:account-id:sns-topic"]
}

Advanced Example

# database type: `instance`
module "aws_monitoring_rds" {
  source                                     = "path/to/module"
  rds_db_identifiers                         = ["acme-database-1"]
  rds_db_instance_events                     = ["DeleteDBInstance", "ModifyDBInstance"]
  cw_log_group_name                          = "the-cloudtrail-log-group"
  cw_metric_filter_namespace                 = "RDS/Monitoring"
  cw_metric_filter_value                     = "1"
  cw_metric_filter_alarm_comparison_operator = "GreaterThanOrEqualToThreshold"
  cw_metric_filter_alarm_evaluation_periods  = 1
  cw_metric_filter_alarm_period              = 300
  cw_metric_filter_alarm_statistic           = "Sum"
  cw_metric_filter_alarm_threshold           = 1
  cw_metric_filter_alarm_actions             = ["arn:aws:sns:region:account-id:sns-topic"]
}

# database type: `cluster` (module name differs from the instance call so both can live in one configuration)
module "aws_monitoring_rds_cluster" {
  source                                     = "path/to/module"
  rds_db_identifiers                         = ["acme-database-1"]
  rds_db_type                                = "cluster"
  rds_db_cluster_events                      = ["CreateDBCluster", "DeleteDBCluster"]
  cw_log_group_name                          = "the-cloudtrail-log-group"
  cw_metric_filter_namespace                 = "RDS/Monitoring"
  cw_metric_filter_value                     = "1"
  cw_metric_filter_alarm_comparison_operator = "GreaterThanOrEqualToThreshold"
  cw_metric_filter_alarm_evaluation_periods  = 1
  cw_metric_filter_alarm_period              = 300
  cw_metric_filter_alarm_statistic           = "Sum"
  cw_metric_filter_alarm_threshold           = 1
  cw_metric_filter_alarm_actions             = ["arn:aws:sns:region:account-id:sns-topic"]
}
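
What the instance-type inputs amount to when written as plain resources, as an added sketch that is not the module's own source. The filter pattern, resource names and `treat_missing_data` setting are assumptions; the namespace, metric value and alarm settings are the defaults from the Inputs table.

```hcl
# Added sketch, not the module's source. Names and the filter pattern are assumptions.
locals {
  db_identifier = "acme-database-1"                         # sample identifier from the examples
  log_group     = "the-cloudtrail-log-group"                # log group that receives CloudTrail
  sns_topic_arn = "arn:aws:sns:region:account-id:sns-topic" # placeholder ARN, as on the page
  events        = ["DeleteDBInstance", "ModifyDBInstance"]
}

# One metric filter per event name: every matching CloudTrail record publishes "1".
resource "aws_cloudwatch_log_metric_filter" "rds_event" {
  for_each       = toset(local.events)
  name           = "rds-${local.db_identifier}-${each.key}"
  log_group_name = local.log_group

  # Assumed pattern: an RDS API call, with this event name, against this instance only.
  pattern = "{ ($.eventSource = \"rds.amazonaws.com\") && ($.eventName = \"${each.key}\") && ($.requestParameters.dBInstanceIdentifier = \"${local.db_identifier}\") }"

  metric_transformation {
    name      = "rds-${local.db_identifier}-${each.key}"
    namespace = "RDS/Monitoring" # cw_metric_filter_namespace default
    value     = "1"              # cw_metric_filter_value default
  }
}

# One alarm per filter: ALARM when at least one matching call lands in a 300 s window.
resource "aws_cloudwatch_metric_alarm" "rds_event" {
  for_each            = aws_cloudwatch_log_metric_filter.rds_event
  alarm_name          = "rds-${local.db_identifier}-${each.key}"
  alarm_description   = "CloudTrail recorded ${each.key} on ${local.db_identifier}"
  namespace           = each.value.metric_transformation[0].namespace
  metric_name         = each.value.metric_transformation[0].name
  statistic           = "Sum"                           # alarm_statistic default
  comparison_operator = "GreaterThanOrEqualToThreshold" # alarm_comparison_operator default
  threshold           = 1                               # alarm_threshold default
  period              = 300                             # alarm_period default (seconds)
  evaluation_periods  = 1                               # alarm_evaluation_periods default
  alarm_actions       = [local.sns_topic_arn]

  # Not a module input on the page: a filter emits no data point when nothing
  # matches, so quiet periods are treated as OK instead of INSUFFICIENT_DATA.
  treat_missing_data = "notBreaching"
}
```

The alarm only sees API calls that CloudTrail actually delivers to the named log group, so a trail that stops logging or delivers elsewhere leaves these alarms silent.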

Changelog

For a detailed list of changes, please refer to the CHANGELOG.md.

License

This module is licensed under the MIT License.