This module creates an athena db, a corresponding query to create a table and some general log queries for each service for which you provide the log bucket name.
Supported services are CloudFront, CloudTrail and SES.
This contains templates for the individual athena queries
This query creates the table cloudfront_logs if it doesn't already exist. This table is used by all other cloudfront queries.
This displays all logs from yesterday and today, with a reduced set of columns.
This displays all logs from yesterday and today for a single given request IP, with a reduced set of columns.
This displays all logs from a specific cloudfront distribution that you can identify by it's domain name.
Some possible filter parameter are added as comments.
This query creates the table cloudtrail_logs if it doesn't already exist. This table is used by all other cloudtrail queries.
This displays all logs for Console Login events, ordered by date.
This query creates the table ses_logs if it doesn't already exist. This table is used by all other ses queries.
This displays the number of non-supressed bounced and send emails for each day. Logging send and bounced events is required for this, if only one or neither is logged this will not display anything.
It excludes mails send to addresses on one of the suppression lists, since such emails are not counted for your ses bounce ratio metric.
This displays the amount of non-suppresed bounced emails for each day.
This displays timestamp, source, destination and diagnosticcode for each bounced email.
We rely on pre-commit hooks to ensure the good code quality. It's also responsible for creating terraform-docs.
We have several default workflows prepared.
checkov scans the terraform manifests for common misconfigurations.
We want to enforce conventional commits to ensure our semantic-release works correctly.
Whenever new commits are merged into the main branch we want a new release to be created.
Terraform linter for finding possible errors, old syntax, unused declarations etc. Also it enforces best practices. See tflint.
We recommend protecting the main branch and to allow new code pushes only via Pull Requests. This way it's ensured that all tests pass before a new release is pushed.
| Name | Version |
|---|---|
| terraform | >= 1.6.0 |
| aws | >= 4.55.0 |
| Name | Version |
|---|---|
| aws | >= 4.55.0 |
No modules.
| Name | Type |
|---|---|
| aws_athena_database.cloudfront | resource |
| aws_athena_database.cloudtrail | resource |
| aws_athena_database.ses | resource |
| aws_athena_named_query.cloudfront | resource |
| aws_athena_named_query.cloudtrail | resource |
| aws_athena_named_query.ses | resource |
| aws_caller_identity.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cloudfront | The name of the s3 bucket containing the cloudfront logs. Creates a db and saved cloudfront queries if set. | string |
null |
no |
| cloudtrail | Configuration for cloudtrail. Creates a db and saved cloudfront queries if bucket_name is set. Only set prefix if you configured one in your cloudtrail | object({ |
{ |
no |
| query_bucket_name | The name of the bucket to save the query into. | string |
n/a | yes |
| ses | The name of the s3 bucket containing the ses logs. Creates a db and saved ses queries if set | string |
null |
no |
No outputs.