Add cloudwatch-log-group module

Author: posquit0

modules/cloudwatch-log-group/README.md

@@ -0,0 +1,58 @@
+# cloudwatch-log-group
+
+This module creates following resources.
+
+- `aws_cloudwatch_log_group`
+- `aws_cloudwatch_log_stream` (optional)
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.22.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream) | resource |
+| [aws_resourcegroups_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | (Required) The name of the CloudWatch log group. | `string` | n/a | yes |
+| <a name="input_encryption_kms_key"></a> [encryption\_kms\_key](#input\_encryption\_kms\_key) | (Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | `string` | `null` | no |
+| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
+| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
+| <a name="input_retention_in_days"></a> [retention\_in\_days](#input\_retention\_in\_days) | (Optional) Specify the number of days to retain log events in the log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to `90` days. | `number` | `90` | no |
+| <a name="input_streams"></a> [streams](#input\_streams) | (Optional) A list of log streams for the CloudWatch log group. | `set(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the CloudWatch log group. |
+| <a name="output_encryption_kms_key"></a> [encryption\_kms\_key](#output\_encryption\_kms\_key) | The ARN of the KMS Key for log data encryption. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the CloudWatch log group. |
+| <a name="output_name"></a> [name](#output\_name) | The name of CloudWatch log group. |
+| <a name="output_retention_in_days"></a> [retention\_in\_days](#output\_retention\_in\_days) | The number of days to retain log events in the log group. |
+| <a name="output_streams"></a> [streams](#output\_streams) | The list of log streams for the log group. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/cloudwatch-log-group/main.tf

@@ -0,0 +1,47 @@
+locals {
+  metadata = {
+    package = "terraform-aws-observability"
+    version = trimspace(file("${path.module}/../../VERSION"))
+    module  = basename(path.module)
+    name    = var.name
+  }
+  module_tags = var.module_tags_enabled ? {
+    "module.terraform.io/package"   = local.metadata.package
+    "module.terraform.io/version"   = local.metadata.version
+    "module.terraform.io/name"      = local.metadata.module
+    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
+    "module.terraform.io/instance"  = local.metadata.name
+  } : {}
+}
+
+
+###################################################
+# CloudWatch Log Group
+###################################################
+
+resource "aws_cloudwatch_log_group" "this" {
+  name = var.name
+
+  retention_in_days = var.retention_in_days
+  kms_key_id        = var.encryption_kms_key
+
+  tags = merge(
+    {
+      "Name" = local.metadata.name
+    },
+    local.module_tags,
+    var.tags,
+  )
+}
+
+
+###################################################
+# Log Streams for CloudWatch Log Group
+###################################################
+
+resource "aws_cloudwatch_log_stream" "this" {
+  for_each = var.streams
+
+  name           = each.key
+  log_group_name = aws_cloudwatch_log_group.this.name
+}

modules/cloudwatch-log-group/outputs.tf

@@ -0,0 +1,35 @@
+output "arn" {
+  description = "The ARN of the CloudWatch log group."
+  value       = aws_cloudwatch_log_group.this.arn
+}
+
+output "id" {
+  description = "The ID of the CloudWatch log group."
+  value       = aws_cloudwatch_log_group.this.id
+}
+
+output "name" {
+  description = "The name of CloudWatch log group."
+  value       = aws_cloudwatch_log_group.this.name
+}
+
+output "retention_in_days" {
+  description = "The number of days to retain log events in the log group."
+  value       = aws_cloudwatch_log_group.this.retention_in_days
+}
+
+output "encryption_kms_key" {
+  description = "The ARN of the KMS Key for log data encryption."
+  value       = aws_cloudwatch_log_group.this.kms_key_id
+}
+
+output "streams" {
+  description = "The list of log streams for the log group."
+  value = {
+    for name, stream in aws_cloudwatch_log_stream.this :
+    name => {
+      arn  = stream.arn
+      name = stream.name
+    }
+  }
+}

modules/cloudwatch-log-group/resource-group.tf

@@ -0,0 +1,44 @@
+locals {
+  resource_group_name = (var.resource_group_name != ""
+    ? var.resource_group_name
+    : join(".", [
+      local.metadata.package,
+      local.metadata.module,
+      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+    ])
+  )
+  resource_group_filters = [
+    for key, value in local.module_tags : {
+      "Key"    = key
+      "Values" = [value]
+    }
+  ]
+  resource_group_query = <<-JSON
+  {
+    "ResourceTypeFilters": [
+      "AWS::AllSupported"
+    ],
+    "TagFilters": ${jsonencode(local.resource_group_filters)}
+  }
+  JSON
+}
+
+resource "aws_resourcegroups_group" "this" {
+  count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
+
+  name        = local.resource_group_name
+  description = var.resource_group_description
+
+  resource_query {
+    type  = "TAG_FILTERS_1_0"
+    query = local.resource_group_query
+  }
+
+  tags = merge(
+    {
+      "Name" = local.resource_group_name
+    },
+    local.module_tags,
+    var.tags,
+  )
+}

modules/cloudwatch-log-group/variables.tf

@@ -0,0 +1,60 @@
+variable "name" {
+  description = "(Required) The name of the CloudWatch log group."
+  type        = string
+}
+
+variable "retention_in_days" {
+  description = "(Optional) Specify the number of days to retain log events in the log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to `90` days."
+  type        = number
+  default     = 90
+}
+
+variable "encryption_kms_key" {
+  description = "(Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested."
+  type        = string
+  default     = null
+}
+
+variable "streams" {
+  description = "(Optional) A list of log streams for the CloudWatch log group."
+  type        = set(string)
+  default     = []
+  nullable    = false
+}
+
+variable "tags" {
+  description = "(Optional) A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+  nullable    = false
+}
+
+variable "module_tags_enabled" {
+  description = "(Optional) Whether to create AWS Resource Tags for the module informations."
+  type        = bool
+  default     = true
+  nullable    = false
+}
+
+
+###################################################
+# Resource Group
+###################################################
+
+variable "resource_group_enabled" {
+  description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module."
+  type        = bool
+  default     = true
+}
+
+variable "resource_group_name" {
+  description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`."
+  type        = string
+  default     = ""
+}
+
+variable "resource_group_description" {
+  description = "(Optional) The description of Resource Group."
+  type        = string
+  default     = "Managed by Terraform."
+}

modules/cloudwatch-log-group/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.2"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.22"
+    }
+  }
+}