Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement module for VPC flow logs #1

Merged
merged 17 commits into from
Nov 21, 2017
Merged

Implement module for VPC flow logs #1

merged 17 commits into from
Nov 21, 2017

Conversation

SweetOps
Copy link
Contributor

@SweetOps SweetOps commented Oct 30, 2017
edited by const-bon
Loading

What

  • Enable VPC logs collection via CloudWatch

Why

  • We need an option to collect ACCEPT,REJECT, ALL network logs

@SweetOps SweetOps self-assigned this Oct 30, 2017
osterman
osterman reviewed Oct 30, 2017
View reviewed changes
iam.tf Outdated
@@ -0,0 +1,43 @@
resource "aws_iam_role" "default" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Always use the policy document instead of heredoc. https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html

osterman
osterman reviewed Oct 30, 2017
View reviewed changes
iam.tf Outdated
name = "${module.vpc_label.id}"
role = "${aws_iam_role.default.id}"

policy = <<EOF
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use policy document

osterman
osterman reviewed Oct 30, 2017
View reviewed changes
main.tf Outdated
module "subnet_label" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.2"
namespace = "${var.namespace}"
name = "subnet"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be an attribute

@SweetOps
Copy link
Contributor Author

@osterman , I think repo should be renamed, because terraform-aws-cloudwatch-logs is very common. What you think about terraform-aws-cloudwatch-flow-logs?

@SweetOps
Copy link
Contributor Author

screenshot 2017-10-31 13 08 46

screenshot 2017-10-31 13 12 55

const-bon
const-bon reviewed Nov 13, 2017
View reviewed changes
kinesis.tf Outdated
module "kinesis_label" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.2"
namespace = "${var.namespace}"
name = "kinesis"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't hardcode module names.

main.tf Outdated
@@ -0,0 +1,58 @@
data "aws_region" "default" {
current = true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"true"

README.md Outdated
```terraform
module "flow_logs" {
source = "git::https://github.com/cloudposse/terraform-aws-cloudwatch-flow-logs.git?ref=master"
vpc_id = "vpc-d309abab"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use variables for vpc_id, namespace and stage.
name may be required too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's just example =\ and name isn't required input

@const-bon
Copy link

@SweetOps @osterman
Should we rename module to terraform-aws-cloudwatch-vpc-flow-logs for consistence?

@SweetOps
Copy link
Contributor Author

@comeanother , I'm prefer the current name

const-bon
const-bon reviewed Nov 21, 2017
View reviewed changes
kinesis.tf Outdated
retention_period = "${var.retention_period}"
shard_level_metrics = "${var.shard_level_metrics}"
encryption_type = "${var.encryption_type}"
kms_key_id = "${var.encryption_type}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it a copy and paste error?

kinesis.tf Outdated
}

resource "aws_cloudwatch_log_subscription_filter" "default" {
name = "${aws_cloudwatch_log_group.default.name}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aws_cloudwatch_log_group name (/aws/lambda/example_lambda_name) may be improper for resource name.
https://www.terraform.io/docs/providers/aws/r/cloudwatch_log_subscription_filter.html

We should use terraform-null-label for resource names.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aws_cloudwatch_log_group name (/aws/lambda/example_lambda_name) may be improper for resource name.

it doesn't matter

main.tf Outdated
count = "${length(compact(var.subnet_ids))}"
log_group_name = "${aws_cloudwatch_log_group.default.name}"
iam_role_arn = "${aws_iam_role.log.arn}"
subnet_id = "${element(var.subnet_ids, count.index)}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use compact here too for consistence.
Otherwise, empty elements will be enumerated.

main.tf Outdated
count = "${length(compact(var.eni_ids))}"
log_group_name = "${aws_cloudwatch_log_group.default.name}"
iam_role_arn = "${aws_iam_role.log.arn}"
subnet_id = "${element(var.eni_ids, count.index)}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use compact here too for consistence.
Otherwise, empty elements will be enumerated.

main.tf Outdated
}

module "log_group_label" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.2"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use 0.3.1 label module.

main.tf Outdated
}

module "vpc_label" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.2"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use 0.3.1 label module.

main.tf Outdated
}

module "subnet_label" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.2"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use 0.3.1 label module.

@SweetOps
Copy link
Contributor Author

screenshot 2017-11-21 12 05 38

@SweetOps
Copy link
Contributor Author

screenshot 2017-11-21 15 20 41

const-bon
const-bon reviewed Nov 21, 2017
View reviewed changes
variables.tf Outdated
variable "stage" {
description = "Stage (e.g. `prod`, `dev`, `staging`)"
type = "string"
default = "dev"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop default value.

variables.tf Outdated
variable "namespace" {
description = "Namespace (e.g. `cp` or `cloudposse`)"
type = "string"
default = "cp"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop default value.

variables.tf Outdated
}

variable "vpc_id" {
default = "vpc-aceb27ca"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop default value.

const-bon
const-bon reviewed Nov 21, 2017
View reviewed changes
variables.tf Outdated

variable "enabled" {
default = "true"
description = "Set to false to prevent the module from creating anything "
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop trailing whitespaces.

@const-bon const-bon changed the title Implement module for flow logs Implement module for VPC flow logs Nov 21, 2017
@const-bon const-bon merged commit 52929aa into master Nov 21, 2017
@const-bon const-bon deleted the add_code branch November 21, 2017 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osterman osterman osterman left review comments

@const-bon const-bon const-bon approved these changes

Assignees

@SweetOps SweetOps

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SweetOps @const-bon @osterman