hashicorp#20068 logdeliveryconfigurations docs: `aws_elasticache_clus…

…ter`
nickolivera · Sep 23, 2021 · 3ad54fa · 3ad54fa
1 parent 99713e6
commit 3ad54fa
Showing 1 changed file with 145 additions and 0 deletions.
diff --git a/website/docs/r/elasticache_cluster.html.markdown b/website/docs/r/elasticache_cluster.html.markdown
@@ -68,6 +68,131 @@ resource "aws_elasticache_cluster" "replica" {
 }
 ```
 
+### Redis SLOWLOG configuration with CloudWatch Logs log group as destination
+
+```terraform
+data "aws_iam_policy_document" "p" {
+  statement {
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents"
+    ]
+    resources = ["${aws_cloudwatch_log_group.lg.arn}:log-stream:*"]
+    principals {
+      identifiers = ["delivery.logs.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
+resource "aws_cloudwatch_log_resource_policy" "rp" {
+  policy_document = data.aws_iam_policy_document.p.json
+  policy_name     = "mypolicyname"
+}
+
+resource "aws_cloudwatch_log_group" "lg" {
+  name = "myloggroup"
+}
+
+resource "aws_elasticache_cluster" "test" {
+  cluster_id        = "mycluster"
+  engine            = "redis"
+  node_type         = "cache.t3.micro"
+  num_cache_nodes   = 1
+  port              = 6379
+  apply_immediately = true
+
+  log_delivery_configurations {
+    destination_details {
+      cloudwatch_logs {
+        log_group = aws_cloudwatch_log_group.lg.name
+      }
+    }
+    destination_type = "cloudwatch-logs"
+    log_format       = "text"
+    log_type         = "slow-log"
+  }
+}
+```
+### Redis SLOWLOG configuration with Kinesis Data Firehose delivery stream as destination
+```terraform
+resource "aws_s3_bucket" "b" {
+  acl           = "private"
+  force_destroy = true
+}
+
+resource "aws_iam_role" "r" {
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "firehose.amazonaws.com"
+        }
+      },
+    ]
+  })
+  inline_policy {
+    name = "my_inline_s3_policy"
+    policy = jsonencode({
+      Version = "2012-10-17"
+      Statement = [
+        {
+          Action = [
+            "s3:AbortMultipartUpload",
+            "s3:GetBucketLocation",
+            "s3:GetObject",
+            "s3:ListBucket",
+            "s3:ListBucketMultipartUploads",
+            "s3:PutObject",
+            "s3:PutObjectAcl",
+          ]
+          Effect   = "Allow"
+          Resource = ["${aws_s3_bucket.b.arn}", "${aws_s3_bucket.b.arn}/*"]
+        },
+      ]
+    })
+  }
+}
+
+resource "aws_kinesis_firehose_delivery_stream" "ds" {
+  name        = "mydeliverystream"
+  destination = "s3"
+  s3_configuration {
+    role_arn   = aws_iam_role.r.arn
+    bucket_arn = aws_s3_bucket.b.arn
+  }
+  lifecycle {
+    ignore_changes = [
+      tags["LogDeliveryEnabled"],
+    ]
+  }
+}
+
+resource "aws_elasticache_cluster" "test" {
+  cluster_id        = "mycluster"
+  engine            = "redis"
+  node_type         = "cache.t3.micro"
+  num_cache_nodes   = 1
+  port              = 6379
+  apply_immediately = true
+
+  log_delivery_configurations {
+    destination_details {
+      kinesis_firehose {
+        delivery_stream = aws_kinesis_firehose_delivery_stream.ds.name
+      }
+    }
+    destination_type = "kinesis-firehose"
+    log_format       = "json"
+    log_type         = "slow-log"
+  }
+}
+```
+
 ## Argument Reference
 
 The following arguments are required:
@@ -87,6 +212,7 @@ The following arguments are optional:
 See [Describe Cache Engine Versions](https://docs.aws.amazon.com/cli/latest/reference/elasticache/describe-cache-engine-versions.html)
 in the AWS Documentation for supported versions. When `engine` is `redis` and the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, [defined below](#engine_version_actual).
 * `final_snapshot_identifier` - (Optional, Redis only) Name of your final cluster snapshot. If omitted, no final snapshot will be made.
+* `log_delivery_configurations` - (Optional, Redis only) Specifies the destination and format of Redis [SLOWLOG](https://redis.io/commands/slowlog). See the documentation on [Amazon ElastiCache](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Log_Delivery.html). See [Log Delivery Configurations](#log-delivery-configurations) below for more details.
 * `maintenance_window` – (Optional) Specifies the weekly time range for when maintenance
 on the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC).
 The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`.
@@ -103,6 +229,25 @@ The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09
 * `subnet_group_name` – (Optional, VPC only) Name of the subnet group to be used for the cache cluster. Changing this value will re-create the resource.
 * `tags` - (Optional) Map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
+### Log Delivery Configurations
+
+The `log_delivery_configurations` block allows the streaming of Redis [SLOWLOG](https://redis.io/commands/slowlog) to CloudWatch Logs or Kinesis Data Firehose.
+
+* `destination_details` - Destination details of either CloudWatch Logs or Kinesis Data Firehose. See [Log Delivery Configurations - Destination Details](#log-delivery-configurations---destination-details) below for more details.
+* `destination_type` - For CloudWatch Logs use `cloudwatch-logs` or for Kinesis Data Firehose use `kinesis-firehose`.
+* `log_format` - Valid values are `json` or `text`
+* `log_type` - (Optional) The only valid value is`slow-log`.
+
+### Log Delivery Configurations - Destination Details
+
+The `destination_details` block contains the target delivery stream or log group attribute. Only one of `kinesis_firehose` or `cloudwatch_logs` can be specified at a time.
+
+The `kinesis_firehose` block supports the following:
+  * `delivery_stream` - The name of an existing Kinesis Firehose delivery stream.
+
+The `cloudwatch_logs` block supports the following:
+  * `log_group` - The name of an existing CloudWatch Logs log group.
+
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported: