Terraform aws athena

This module creates an Athena database, a corresponding query to create a table, and some general log queries for each service for which you provide the log bucket name.
Supported services are CloudFront, CloudTrail and SES.

Contents

queries

This contains templates for the individual athena queries

This query creates the table cloudfront_logs if it doesn't already exist. This table is used by all other cloudfront queries.

This displays all logs from yesterday and today, with a reduced set of columns.

This displays all logs from yesterday and today for a single given request IP, with a reduced set of columns.

This displays all logs from a specific cloudfront distribution that you can identify by its domain name.
Some possible filter parameters are added as comments.

This query creates the table cloudtrail_logs if it doesn't already exist. This table is used by all other cloudtrail queries.

This displays all logs for Console Login events, ordered by date.

This query creates the table ses_logs if it doesn't already exist. This table is used by all other ses queries.

This displays the number of non-suppressed bounced and sent emails for each day. Logging send and bounced events is required for this; if only one or neither is logged, this will not display anything.
It excludes mails sent to addresses on one of the suppression lists, since such emails are not counted for your SES bounce ratio metric.

This displays the number of non-suppressed bounced emails for each day.

This displays timestamp, source, destination and diagnosticcode for each bounced email.

pre-commit-config.yaml

We rely on pre-commit hooks to ensure good code quality. They are also responsible for creating terraform-docs.

.github/workflows

We have several default workflows prepared.

checkov

checkov scans the terraform manifests for common misconfigurations.

conventional-commits

We want to enforce conventional commits to ensure our semantic-release works correctly.

semantic-release

Whenever new commits are merged into the main branch we want a new release to be created.

tflint

Terraform linter for finding possible errors, old syntax, unused declarations etc. It also enforces best practices. See tflint.

Recommended Repo configuration

We recommend protecting the main branch and allowing new code pushes only via pull requests. This ensures that all tests pass before a new release is pushed.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6.0 |
| aws | >= 4.55.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.55.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_athena_database.cloudfront | resource |
| aws_athena_database.cloudtrail | resource |
| aws_athena_database.ses | resource |
| aws_athena_named_query.cloudfront | resource |
| aws_athena_named_query.cloudtrail | resource |
| aws_athena_named_query.ses | resource |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloudfront | The name of the s3 bucket containing the cloudfront logs. Creates a db and saved cloudfront queries if set. | `string` | `null` | no |
| cloudtrail | Configuration for cloudtrail. Creates a db and saved cloudfront queries if bucket_name is set. Only set prefix if you configured one in your cloudtrail | `object({ bucket_name = string, prefix = optional(string) })` | `{ "bucket_name": null }` | no |
| query_bucket_name | The name of the bucket to save the query into. | `string` | n/a | yes |
| ses | The name of the s3 bucket containing the ses logs. Creates a db and saved ses queries if set | `string` | `null` | no |
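
The inputs above wired into one module call, together with a locked-down bucket for `query_bucket_name`. This is an added example, not taken from the module's repository. Assumptions: the module source address is a placeholder, all bucket names and the prefix are constructed, and the bucket passed as `query_bucket_name` is created outside the module and receives Athena output.

```hcl
terraform {
  required_version = ">= 1.6.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.55.0"
    }
  }
}

# Assumption: the bucket is managed outside the module, which only takes its name.
resource "aws_s3_bucket" "athena_results" {
  bucket = "example-athena-query-results" # constructed name
}

# Log queries can return client IPs and e-mail addresses: block all public access.
resource "aws_s3_bucket_public_access_block" "athena_results" {
  bucket                  = aws_s3_bucket.athena_results.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt stored objects at rest with KMS (AWS-managed key unless one is specified).
resource "aws_s3_bucket_server_side_encryption_configuration" "athena_results" {
  bucket = aws_s3_bucket.athena_results.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

module "athena_log_queries" {
  source = "<module-source>" # placeholder: the page does not state the source address

  query_bucket_name = aws_s3_bucket.athena_results.bucket
  cloudfront        = "example-cloudfront-logs" # constructed bucket names
  ses               = "example-ses-logs"

  # Set prefix only if the trail itself was configured with one.
  cloudtrail = {
    bucket_name = "example-cloudtrail-logs"
    prefix      = "example-prefix"
  }
}
```

Leaving `cloudfront` or `ses` unset keeps the default `null`, so no database or saved queries are created for that service.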

Outputs

No outputs.