Implement module for CloudWatch logs #1
Conversation
|
|
iam_user.tf
Outdated
| @@ -0,0 +1,43 @@ | |||
| resource "aws_iam_user" "default" { | |||
There was a problem hiding this comment.
Can we use this module instead: https://github.com/cloudposse/terraform-aws-iam-system-user
There was a problem hiding this comment.
@osterman, in my case user will be create if username is defined, with module terraform-aws-iam-system-user can't get same functional. The one way is add count to module terraform-aws-iam-system-user.
There was a problem hiding this comment.
@osterman , I made PR in cloudposse/terraform-aws-iam-system-user#2 (comment)
iam_user.tf
Outdated
| @@ -0,0 +1,33 @@ | |||
| data "aws_iam_policy_document" "user" { | |||
| count = "${var.create_user == "true" ? 1 : 0}" | |||
variables.tf
Outdated
| } | ||
|
|
||
| variable "stream_names" { | ||
| default = ["pfsense", "ubuntu"] |
There was a problem hiding this comment.
pfsense is a very specific use case. It doesn't make sense as a global default.
There was a problem hiding this comment.
let's just create a default stream with the name of default
|
I activated TravisCI. Please bump. |
|
|
||
| principals { | ||
| type = "Service" | ||
| identifiers = ["logs.${length(var.region) > 0 ? var.region: data.aws_region.default.name}.amazonaws.com"] |
| "logs:DeleteLogStream", | ||
| ] | ||
|
|
||
| resources = [ |
There was a problem hiding this comment.
Use compact with concat.
It can break the module work - with json need be very careful
There was a problem hiding this comment.
I'm not sure which delimiter between elements which I'll get after the concat()
There was a problem hiding this comment.
It seems, there is no need to use join with delimiter here.
https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
iam.tf
Outdated
|
|
||
| resources = [ | ||
| "${aws_cloudwatch_log_group.default.arn}", | ||
| "${join(",", aws_cloudwatch_log_stream.default.*.arn)}", |
There was a problem hiding this comment.
yes, for prevent mistakes in json
There was a problem hiding this comment.
explain what mistakes it prevents. it's not clear.
There was a problem hiding this comment.
element in resources should be separated by comma, I'm not sure that comma will be without join()
main.tf
Outdated
| @@ -0,0 +1,35 @@ | |||
| data "aws_region" "default" { | |||
| current = true | |||
|
@comeanother , I'm prefer the current name of repo :) |
variables.tf
Outdated
|
|
||
| variable "namespace" { | ||
| description = "Namespace (e.g. `cp` or `cloudposse`)" | ||
| default = "cp" |
variables.tf
Outdated
| } | ||
|
|
||
| variable "stage" { | ||
| default = "dev" |
| } | ||
| } | ||
|
|
||
| module "user" { |
There was a problem hiding this comment.
Do we need this module?
It is not in use.
There was a problem hiding this comment.
It is not in use.
Why do you decided that?
There was a problem hiding this comment.
I assume, purpose of this user is to be able to connect to the corresponding streams.
But this user would has access to all streams. https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/1/files#diff-a83a8bb953f15707ac8beb549b114ab5R22
| "logs:DeleteLogStream", | ||
| ] | ||
|
|
||
| resources = [ |
There was a problem hiding this comment.
It seems, there is no need to use join with delimiter here.
https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
@comeanother , I see in example resources separated by comma |
outputs.tf
Outdated
| value = "${aws_cloudwatch_log_group.default.name}" | ||
| } | ||
|
|
||
| output "log_stream_name" { |
outputs.tf
Outdated
| description = "ARN of the log group" | ||
| } | ||
|
|
||
| output "stream_arn" { |
main.tf
Outdated
| name = "${var.name}" | ||
| stage = "${var.stage}" | ||
| delimiter = "${var.delimiter}" | ||
| attributes = "${compact(concat(var.attributes, list("log")))}" |
| } | ||
| } | ||
|
|
||
| module "user" { |
There was a problem hiding this comment.
I assume, purpose of this user is to be able to connect to the corresponding streams.
But this user would has access to all streams. https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/1/files#diff-a83a8bb953f15707ac8beb549b114ab5R22
What
CloudWatchlogsWhy