Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cloudwatch logging - api gateway global settings #8

Merged
merged 6 commits into from
Jan 10, 2023
Merged

Add cloudwatch logging - api gateway global settings #8

merged 6 commits into from
Jan 10, 2023

Conversation

jaezeu
Copy link
Contributor

@jaezeu jaezeu commented Jan 6, 2023
edited
Loading

Adding cwl global iam role

Adding aws_api_gateway_account as a tag to the api_gateway_stage resource, so that the aws_api_gateway_account resource would be created prior to the stage.

@niroz89 niroz89 changed the title adding cwl log Add cloudwatch logging - api gateway global settings Jan 8, 2023
niroz89
niroz89 reviewed Jan 8, 2023
View reviewed changes
Copy link
Contributor

@niroz89 niroz89 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please help to suppress checkov if not relevant. For kms, we can stick with default encryption, no need to go for cmk which is additional cost + needs rotation.

And generate terraform docs.
terraform-docs markdown --lockfile=false --recursive table --output-file README.md --output-mode inject .

main.tf Outdated
Comment on lines 48 to 50
tags = {
global_cwl_log_arn = var.enable_global_apigw_logging ? aws_api_gateway_account.api_gateway_account[0].cloudwatch_role_arn : ""
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jaezeu how this tag will be used ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@niroz89 this is to force implicit dependency so that the stage will be created after the global aws_api_gateway_account cloudwatch role arn is updated.

Copy link

@lawliet89 lawliet89 Jan 9, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think depends_on = [aws_api_gateway_account.api_gateway_account] might be sufficient. That should handle the "conditional" aspect -- I misunderstood your question on Slack.

@jaezeu jaezeu merged commit 6ed661f into main Jan 10, 2023
@jaezeu jaezeu deleted the apigw-iam-cwl branch January 10, 2023 04:25
zodilib pushed a commit that referenced this pull request Nov 12, 2024
@jaezeu
Add cloudwatch logging - api gateway global settings (#8)
cbc5b8a 
* adding cwl log

* terraform docs

* checkov suppression

* checkov suppression for cwl

* add depends on

* fmt

Co-authored-by: Jazeel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@niroz89 niroz89 niroz89 left review comments

@lawliet89 lawliet89 lawliet89 left review comments

@pkailasu pkailasu pkailasu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jaezeu @lawliet89 @niroz89 @pkailasu