Merge pull request #100 from trussworks/am-fixing-cloudtrail-logs-dep…
…endancy

Finished upgrading logs to TF13 with all tests working
mdrummerboy09 authored Sep 10, 2020
2 parents 6967135 + 9010cd5 commit 14c946b
Showing 21 changed files with 45 additions and 40 deletions.
10 changes: 4 additions & 6 deletions README.md
Expand Up @@ -28,7 +28,6 @@ Terraform 0.11. Pin module version to ~> 3.5.0 . Submit pull-requests to terrafo
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs"
region = "us-west-2"
}
```

Expand All @@ -38,7 +37,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-elb"
region = "us-west-2"
default_allow = false
allow_elb = true
}
Expand All @@ -50,7 +48,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-lb"
region = "us-west-2"
default_allow = false
allow_alb = true
allow_elb = true
Expand All @@ -63,7 +60,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-cloudtrail"
region = "us-west-2"
default_allow = false
allow_cloudtrail = true
cloudtrail_accounts = [data.aws_caller_identity.current.account_id, aws_organizations_account.example.id]
Expand All @@ -76,7 +72,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-lb"
region = "us-west-2"
default_allow = false
allow_alb = true
allow_nlb = true
Expand Down Expand Up @@ -133,7 +128,6 @@ module "aws_logs" {
| nlb\_account | Account for NLB logs. By default limits to the current account. | `string` | `""` | no |
| nlb\_logs\_prefixes | S3 key prefixes for NLB logs. | `list(string)` | <pre>[<br> "nlb"<br>]</pre> | no |
| redshift\_logs\_prefix | S3 prefix for RedShift logs. | `string` | `"redshift"` | no |
| region | Region where the AWS S3 bucket will be created. | `string` | n/a | yes |
| s3\_bucket\_acl | Set bucket ACL per [AWS S3 Canned ACL](<https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>) list. | `string` | `"log-delivery-write"` | no |
| s3\_bucket\_name | S3 bucket to store AWS logs in. | `string` | n/a | yes |
| s3\_log\_bucket\_retention | Number of days to keep AWS logs around. | `string` | `90` | no |
Expand All @@ -152,6 +146,10 @@ module "aws_logs" {

## Upgrade Paths

### Upgrading from 9.0.0 to 10.x.x

Version 10.x.x removes the `region` variable as it will pull from the region that your AWS session is associated with.

### Upgrading from 6.0.0 to 7.x.x

This release simplifies `nlb_logs_prefixes` and `alb_logs_prefixes` to no longer need to pass in a formatted list and instead can be referenced as
1 change: 0 additions & 1 deletion examples/alb/main.tf
Expand Up @@ -3,7 +3,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
alb_logs_prefixes = var.alb_logs_prefixes
region = var.region
allow_alb = true
default_allow = false

1 change: 0 additions & 1 deletion examples/alb_remote/main.tf
Expand Up @@ -6,7 +6,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
alb_logs_prefixes = var.alb_logs_prefixes
region = var.region
allow_alb = true
default_allow = false

1 change: 0 additions & 1 deletion examples/cloudtrail/main.tf
Expand Up @@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"

s3_bucket_name = var.test_name
region = var.region
force_destroy = var.force_destroy
cloudtrail_logs_prefix = var.cloudtrail_logs_prefix

3 changes: 1 addition & 2 deletions examples/combined/main.tf
Expand Up @@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"

s3_bucket_name = var.test_name
region = var.region
default_allow = true

force_destroy = var.force_destroy
Expand Down Expand Up @@ -32,7 +31,7 @@ module "aws_cloudtrail" {

module "config" {
source = "trussworks/config/aws"
version = "~> 3"
version = "~> 4"

config_name = var.test_name
config_logs_bucket = module.aws_logs.aws_logs_bucket
1 change: 1 addition & 0 deletions examples/combined/providers.tf
@@ -1,3 +1,4 @@
provider "aws" {
version = "~> 3.0"
region = var.region
}
8 changes: 8 additions & 0 deletions examples/combined/variables.tf
Expand Up @@ -2,6 +2,10 @@ variable "test_name" {
type = string
}

variable "config_name" {
type = string
}

variable "region" {
type = string
}
Expand All @@ -18,3 +22,7 @@ variable "test_redshift" {
variable "force_destroy" {
type = bool
}

variable "config_logs_bucket" {
type = string
}
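Review bot: The new `config_name` and `config_logs_bucket` variables are declared here, but in the hunk shown for examples/combined/main.tf the `config` module still reads `config_name = var.test_name` and `config_logs_bucket = module.aws_logs.aws_logs_bucket`, so the values the test now passes in never reach the module. Either switch those two arguments to `var.config_name` and `var.config_logs_bucket`, or drop the variables together with the matching entries in test/terraform_aws_logs_combined_test.go; declaring inputs that nothing consumes makes the example look configurable when it is not. The same applies to `config_name` added in examples/config/variables.tf, where examples/config/main.tf keeps `config_name = var.test_name` on both the old and new side and test/terraform_aws_logs_config_test.go now supplies the var. Both main.tf files are only partially shown, so a reference elsewhere in them would change this.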
11 changes: 5 additions & 6 deletions examples/config/main.tf
Expand Up @@ -2,20 +2,19 @@ module "aws_logs" {
source = "../../"

s3_bucket_name = var.test_name
region = var.region
allow_config = true
default_allow = false
config_logs_prefix = var.config_logs_prefix

force_destroy = var.force_destroy
}


module "config" {
source = "trussworks/config/aws"
version = "~> 3"
version = "~> 4"

config_name = var.test_name
config_logs_bucket = module.aws_logs.aws_logs_bucket
config_logs_prefix = var.config_logs_prefix
config_sns_topic_arn = "bandana"
config_name = var.test_name
config_logs_bucket = module.aws_logs.aws_logs_bucket
config_logs_prefix = var.config_logs_prefix
}
1 change: 1 addition & 0 deletions examples/config/providers.tf
@@ -1,3 +1,4 @@
provider "aws" {
version = "~> 3.0"
region = var.region
}
4 changes: 4 additions & 0 deletions examples/config/variables.tf
Expand Up @@ -2,6 +2,10 @@ variable "test_name" {
type = string
}

variable "config_name" {
type = string
}

variable "region" {
type = string
}
1 change: 0 additions & 1 deletion examples/elb/main.tf
Expand Up @@ -3,7 +3,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
elb_logs_prefix = var.elb_logs_prefix
region = var.region
allow_elb = true
default_allow = false

1 change: 0 additions & 1 deletion examples/nlb/main.tf
Expand Up @@ -3,7 +3,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
nlb_logs_prefixes = var.nlb_logs_prefixes
region = var.region
allow_nlb = true
default_allow = false

1 change: 0 additions & 1 deletion examples/nlb_remote/main.tf
Expand Up @@ -6,7 +6,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
nlb_logs_prefixes = var.nlb_logs_prefixes
region = var.region
allow_nlb = true
default_allow = false

1 change: 0 additions & 1 deletion examples/redshift/main.tf
Expand Up @@ -3,7 +3,6 @@ module "aws_logs" {

s3_bucket_name = var.test_name
redshift_logs_prefix = var.redshift_logs_prefix
region = var.region
allow_redshift = true
default_allow = false

1 change: 0 additions & 1 deletion examples/s3/main.tf
Expand Up @@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"

s3_bucket_name = var.test_name
region = var.region

default_allow = false

1 change: 0 additions & 1 deletion examples/simple/main.tf
Expand Up @@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"

s3_bucket_name = var.test_name
region = var.region

force_destroy = var.force_destroy
tags = var.tags
7 changes: 6 additions & 1 deletion main.tf
Expand Up @@ -16,6 +16,11 @@ data "aws_caller_identity" "current" {
data "aws_partition" "current" {
}

# The region is pulled from the current AWS session you are in
data "aws_region" "current" {

}

locals {
# S3 bucket ARN
bucket_arn = "arn:${data.aws_partition.current.partition}:s3:::${var.s3_bucket_name}"
Expand Down Expand Up @@ -48,7 +53,7 @@ locals {
cloudwatch_effect = var.default_allow || var.allow_cloudwatch ? "Allow" : "Deny"

# region specific logs service principal
cloudwatch_service = "logs.${var.region}.amazonaws.com"
cloudwatch_service = "logs.${data.aws_region.current.name}.amazonaws.com"

cloudwatch_resource = "${local.bucket_arn}/${var.cloudwatch_logs_prefix}/*"

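Review bot: The new `data "aws_region" "current"` block has a stray blank line inside its braces, and its comment attributes the region to "the current AWS session" when the data source reports the region of the provider configuration the module is given, which is what `cloudwatch_service` now follows in the second hunk. Collapse it to `data "aws_region" "current" {}` and reword the comment to `# Region of the provider configuration this module runs under; used to build the regional CloudWatch Logs service principal in locals`. Deriving that principal from the provider rather than the old free-form `var.region` also removes the case where a caller set `region` to a value differing from the provider's and the bucket policy ended up naming the service principal of a region the bucket was not in; that is worth a sentence in the README upgrade note so operators understand why the variable went away. The `locals` block continues outside the hunk.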
2 changes: 0 additions & 2 deletions test/terraform_aws_logs_cloudtrail_test.go
@@ -1,6 +1,5 @@
package test

/*
import (
"fmt"
"strings"
Expand Down Expand Up @@ -57,4 +56,3 @@ func TestTerraformAwsLogsCloudtrailRootPrefix(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
*/
16 changes: 9 additions & 7 deletions test/terraform_aws_logs_combined_test.go
@@ -1,6 +1,5 @@
package test

/*
import (
"fmt"
"strings"
Expand All @@ -14,6 +13,8 @@ import (

func TestTerraformAwsLogsCombined(t *testing.T) {
// Note: do not run this test in t.Parallel() mode.
configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))
expectedConfigLogsBucket := fmt.Sprintf("terratest-%s", configName)

tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/combined")
testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
Expand All @@ -26,11 +27,13 @@ func TestTerraformAwsLogsCombined(t *testing.T) {
terraformOptions := &terraform.Options{
TerraformDir: tempTestFolder,
Vars: map[string]interface{}{
"region": awsRegion,
"vpc_azs": vpcAzs,
"test_name": testName,
"test_redshift": testRedshift,
"force_destroy": true,
"region": awsRegion,
"vpc_azs": vpcAzs,
"config_name": configName,
"config_logs_bucket": expectedConfigLogsBucket,
"test_name": testName,
"test_redshift": testRedshift,
"force_destroy": true,
},
EnvVars: map[string]string{
"AWS_DEFAULT_REGION": awsRegion,
Expand All @@ -40,4 +43,3 @@ func TestTerraformAwsLogsCombined(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
*/
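Review bot: `expectedConfigLogsBucket` is built from `configName` and passed as the `config_logs_bucket` var, but nothing in the visible part of TestTerraformAwsLogsCombined compares it with anything after `terraform.InitAndApply`, and the hunk shown for examples/combined/main.tf sets `config_logs_bucket` from `module.aws_logs.aws_logs_bucket` rather than from that variable. If the intent is to verify where config logs land, read the bucket name back with `terraform.Output(t, terraformOptions, "<output-name>")` and assert it equals `expectedConfigLogsBucket`; otherwise rename it to `configLogsBucket` so the name does not promise a check the test does not make. The function body is partly outside the hunks, so an assertion in an unshown stretch would change this.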
8 changes: 6 additions & 2 deletions test/terraform_aws_logs_config_test.go
@@ -1,6 +1,5 @@
package test

/*
import (
"fmt"
"strings"
Expand All @@ -14,6 +13,8 @@ import (
func TestTerraformAwsLogsConfig(t *testing.T) {
t.Parallel()

configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))

testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config")
// AWS only supports one configuration recorder per region.
Expand All @@ -25,6 +26,7 @@ func TestTerraformAwsLogsConfig(t *testing.T) {
Vars: map[string]interface{}{
"region": awsRegion,
"test_name": testName,
"config_name": configName,
"force_destroy": true,
"config_logs_prefix": testName,
},
Expand All @@ -40,6 +42,8 @@ func TestTerraformAwsLogsConfig(t *testing.T) {
func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
t.Parallel()

configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))

testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config")
// AWS only supports one configuration recorder per region.
Expand All @@ -51,6 +55,7 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
Vars: map[string]interface{}{
"region": awsRegion,
"test_name": testName,
"config_name": configName,
"force_destroy": true,
"config_logs_prefix": "",
},
Expand All @@ -62,4 +67,3 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
*/
5 changes: 0 additions & 5 deletions variables.tf
Expand Up @@ -3,11 +3,6 @@ variable "s3_bucket_name" {
type = string
}

variable "region" {
description = "Region where the AWS S3 bucket will be created."
type = string
}

variable "s3_log_bucket_retention" {
description = "Number of days to keep AWS logs around."
default = 90
