feat: Add support for using container definition CloudWatch log group…
… name as prefix (#126)
bryantbiggs authored Oct 30, 2023
1 parent 4489660 commit cf4101e
Showing 9 changed files with 155 additions and 143 deletions.
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.83.3
rev: v1.83.5
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
- '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote'
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
rev: v4.5.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
1 change: 1 addition & 0 deletions modules/container-definition/README.md
@@ -141,6 +141,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |
| <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default is 30 days | `number` | `30` | no |
| <a name="input_cloudwatch_log_group_use_name_prefix"></a> [cloudwatch\_log\_group\_use\_name\_prefix](#input\_cloudwatch\_log\_group\_use\_name\_prefix) | Determines whether the log group name should be used as a prefix | `bool` | `false` | no |
| <a name="input_command"></a> [command](#input\_command) | The command that's passed to the container | `list(string)` | `[]` | no |
| <a name="input_cpu"></a> [cpu](#input\_cpu) | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of `cpu` of all containers in a task will need to be lower than the task-level cpu value | `number` | `null` | no |
| <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
5 changes: 4 additions & 1 deletion modules/container-definition/main.tf
@@ -3,6 +3,8 @@ data "aws_region" "current" {}
locals {
is_not_windows = contains(["LINUX"], var.operating_system_family)

log_group_name = "/aws/ecs/${var.service}/${var.name}"

log_configuration = merge(
{ for k, v in {
logDriver = "awslogs",
@@ -64,7 +66,8 @@ locals {
resource "aws_cloudwatch_log_group" "this" {
count = var.create_cloudwatch_log_group && var.enable_cloudwatch_logging ? 1 : 0

name = "/aws/ecs/${var.service}/${var.name}"
name = var.cloudwatch_log_group_use_name_prefix ? null : local.log_group_name
name_prefix = var.cloudwatch_log_group_use_name_prefix ? "${local.log_group_name}-" : null
retention_in_days = var.cloudwatch_log_group_retention_in_days
kms_key_id = var.cloudwatch_log_group_kms_key_id

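Review bot: In `aws_cloudwatch_log_group.this`, switching to `name_prefix = "${local.log_group_name}-"` means the group's real name ends in a provider-generated suffix, so `local.log_group_name` no longer identifies the group that was actually created. The `options` map of `log_configuration` is collapsed out of this view; confirm that `awslogs-group` reads `aws_cloudwatch_log_group.this[0].name` rather than the fixed path, otherwise containers would log to a name that does not match the group carrying `kms_key_id` and `retention_in_days`. I would add a comment above the new local: `# Base path only; with name_prefix the real name has a generated suffix - reference aws_cloudwatch_log_group.this[0].name downstream`. Both the `locals` block and the resource continue outside the visible hunks.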
6 changes: 6 additions & 0 deletions modules/container-definition/variables.tf
@@ -286,6 +286,12 @@ variable "create_cloudwatch_log_group" {
default = true
}

variable "cloudwatch_log_group_use_name_prefix" {
description = "Determines whether the log group name should be used as a prefix"
type = bool
default = false
}

variable "cloudwatch_log_group_retention_in_days" {
description = "Number of days to retain log events. Default is 30 days"
type = number
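Review bot: The description of `cloudwatch_log_group_use_name_prefix` does not say that the resulting name becomes non-deterministic or when the flag takes effect. In `main.tf` the group is only created when `create_cloudwatch_log_group && enable_cloudwatch_logging`, so the flag is silently ignored otherwise. Once it is on, IAM statements, KMS key-policy conditions on the log group ARN, and subscription or metric filters that pin the exact `/aws/ecs/<service>/<name>` name would stop matching. Suggested text: `description = "Determines whether the log group name (/aws/ecs/<service>/<name>) is used as a prefix with a generated suffix. Only applies when this module creates the log group; reference the created group's name/ARN rather than a fixed name"`.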
1 change: 1 addition & 0 deletions modules/service/main.tf
@@ -572,6 +572,7 @@ module "container_definition" {
service = var.name
enable_cloudwatch_logging = try(each.value.enable_cloudwatch_logging, var.container_definition_defaults.enable_cloudwatch_logging, true)
create_cloudwatch_log_group = try(each.value.create_cloudwatch_log_group, var.container_definition_defaults.create_cloudwatch_log_group, true)
cloudwatch_log_group_use_name_prefix = try(each.value.cloudwatch_log_group_use_name_prefix, var.container_definition_defaults.cloudwatch_log_group_use_name_prefix, false)
cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.container_definition_defaults.cloudwatch_log_group_retention_in_days, 14)
cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.container_definition_defaults.cloudwatch_log_group_kms_key_id, null)

32 changes: 16 additions & 16 deletions wrappers/cluster/main.tf
@@ -3,32 +3,32 @@ module "wrapper" {

for_each = var.items

create = try(each.value.create, var.defaults.create, true)
tags = try(each.value.tags, var.defaults.tags, {})
cluster_name = try(each.value.cluster_name, var.defaults.cluster_name, "")
cluster_configuration = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
autoscaling_capacity_providers = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
cloudwatch_log_group_tags = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
cluster_configuration = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
cluster_name = try(each.value.cluster_name, var.defaults.cluster_name, "")
cluster_service_connect_defaults = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
cluster_settings = try(each.value.cluster_settings, var.defaults.cluster_settings, {
name = "containerInsights"
value = "enabled"
})
cluster_service_connect_defaults = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
create = try(each.value.create, var.defaults.create, true)
create_cloudwatch_log_group = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
cloudwatch_log_group_tags = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
create_task_exec_iam_role = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
create_task_exec_policy = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
default_capacity_provider_use_fargate = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
fargate_capacity_providers = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
autoscaling_capacity_providers = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
create_task_exec_iam_role = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
tags = try(each.value.tags, var.defaults.tags, {})
task_exec_iam_role_description = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
task_exec_iam_role_name = try(each.value.task_exec_iam_role_name, var.defaults.task_exec_iam_role_name, null)
task_exec_iam_role_use_name_prefix = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
task_exec_iam_role_path = try(each.value.task_exec_iam_role_path, var.defaults.task_exec_iam_role_path, null)
task_exec_iam_role_description = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
task_exec_iam_role_permissions_boundary = try(each.value.task_exec_iam_role_permissions_boundary, var.defaults.task_exec_iam_role_permissions_boundary, null)
task_exec_iam_role_tags = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
task_exec_iam_role_policies = try(each.value.task_exec_iam_role_policies, var.defaults.task_exec_iam_role_policies, {})
create_task_exec_policy = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
task_exec_ssm_param_arns = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
task_exec_secret_arns = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
task_exec_iam_role_tags = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
task_exec_iam_role_use_name_prefix = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
task_exec_iam_statements = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {})
task_exec_secret_arns = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
task_exec_ssm_param_arns = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
}
15 changes: 8 additions & 7 deletions wrappers/container-definition/main.tf
@@ -3,15 +3,19 @@ module "wrapper" {

for_each = var.items

operating_system_family = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
cloudwatch_log_group_use_name_prefix = try(each.value.cloudwatch_log_group_use_name_prefix, var.defaults.cloudwatch_log_group_use_name_prefix, false)
command = try(each.value.command, var.defaults.command, [])
cpu = try(each.value.cpu, var.defaults.cpu, null)
create_cloudwatch_log_group = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
dependencies = try(each.value.dependencies, var.defaults.dependencies, [])
disable_networking = try(each.value.disable_networking, var.defaults.disable_networking, null)
dns_search_domains = try(each.value.dns_search_domains, var.defaults.dns_search_domains, [])
dns_servers = try(each.value.dns_servers, var.defaults.dns_servers, [])
docker_labels = try(each.value.docker_labels, var.defaults.docker_labels, {})
docker_security_options = try(each.value.docker_security_options, var.defaults.docker_security_options, [])
enable_cloudwatch_logging = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
entrypoint = try(each.value.entrypoint, var.defaults.entrypoint, [])
environment = try(each.value.environment, var.defaults.environment, [])
environment_files = try(each.value.environment_files, var.defaults.environment_files, [])
@@ -29,24 +33,21 @@ module "wrapper" {
memory_reservation = try(each.value.memory_reservation, var.defaults.memory_reservation, null)
mount_points = try(each.value.mount_points, var.defaults.mount_points, [])
name = try(each.value.name, var.defaults.name, null)
operating_system_family = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
port_mappings = try(each.value.port_mappings, var.defaults.port_mappings, [])
privileged = try(each.value.privileged, var.defaults.privileged, false)
pseudo_terminal = try(each.value.pseudo_terminal, var.defaults.pseudo_terminal, false)
readonly_root_filesystem = try(each.value.readonly_root_filesystem, var.defaults.readonly_root_filesystem, true)
repository_credentials = try(each.value.repository_credentials, var.defaults.repository_credentials, {})
resource_requirements = try(each.value.resource_requirements, var.defaults.resource_requirements, [])
secrets = try(each.value.secrets, var.defaults.secrets, [])
service = try(each.value.service, var.defaults.service, "")
start_timeout = try(each.value.start_timeout, var.defaults.start_timeout, 30)
stop_timeout = try(each.value.stop_timeout, var.defaults.stop_timeout, 120)
system_controls = try(each.value.system_controls, var.defaults.system_controls, [])
tags = try(each.value.tags, var.defaults.tags, {})
ulimits = try(each.value.ulimits, var.defaults.ulimits, [])
user = try(each.value.user, var.defaults.user, null)
volumes_from = try(each.value.volumes_from, var.defaults.volumes_from, [])
working_directory = try(each.value.working_directory, var.defaults.working_directory, null)
service = try(each.value.service, var.defaults.service, "")
enable_cloudwatch_logging = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
create_cloudwatch_log_group = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
tags = try(each.value.tags, var.defaults.tags, {})
}