diff --git a/README.md b/README.md
index 7480de9..7e602e4 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,6 @@ Terraform 0.11. Pin module version to ~> 3.5.0 . Submit pull-requests to terrafo
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs"
- region = "us-west-2"
}
```
@@ -38,7 +37,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-elb"
- region = "us-west-2"
default_allow = false
allow_elb = true
}
@@ -50,7 +48,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-lb"
- region = "us-west-2"
default_allow = false
allow_alb = true
allow_elb = true
@@ -63,7 +60,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-cloudtrail"
- region = "us-west-2"
default_allow = false
allow_cloudtrail = true
cloudtrail_accounts = [data.aws_caller_identity.current.account_id, aws_organizations_account.example.id]
@@ -76,7 +72,6 @@ module "aws_logs" {
module "aws_logs" {
source = "trussworks/logs/aws"
s3_bucket_name = "my-company-aws-logs-lb"
- region = "us-west-2"
default_allow = false
allow_alb = true
allow_nlb = true
@@ -133,7 +128,6 @@ module "aws_logs" {
| nlb\_account | Account for NLB logs. By default limits to the current account. | `string` | `""` | no |
| nlb\_logs\_prefixes | S3 key prefixes for NLB logs. | `list(string)` |
[
"nlb"
]
| no |
| redshift\_logs\_prefix | S3 prefix for RedShift logs. | `string` | `"redshift"` | no |
-| region | Region where the AWS S3 bucket will be created. | `string` | n/a | yes |
| s3\_bucket\_acl | Set bucket ACL per [AWS S3 Canned ACL]() list. | `string` | `"log-delivery-write"` | no |
| s3\_bucket\_name | S3 bucket to store AWS logs in. | `string` | n/a | yes |
| s3\_log\_bucket\_retention | Number of days to keep AWS logs around. | `string` | `90` | no |
@@ -152,6 +146,10 @@ module "aws_logs" {
## Upgrade Paths
+### Upgrading from 9.0.0 to 10.x.x
+
+Version 10.x.x removes the `region` variable as it will pull from the region that your AWS session is associated with.
+
### Upgrading from 6.0.0 to 7.x.x
This release simplifies `nlb_logs_prefixes` and `alb_logs_prefixes` to no longer need to pass in a formatted list and instead can be referenced as
diff --git a/examples/alb/main.tf b/examples/alb/main.tf
index 86dfa28..d3cb4b3 100644
--- a/examples/alb/main.tf
+++ b/examples/alb/main.tf
@@ -3,7 +3,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
alb_logs_prefixes = var.alb_logs_prefixes
- region = var.region
allow_alb = true
default_allow = false
diff --git a/examples/alb_remote/main.tf b/examples/alb_remote/main.tf
index e6e9588..8683aea 100644
--- a/examples/alb_remote/main.tf
+++ b/examples/alb_remote/main.tf
@@ -6,7 +6,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
alb_logs_prefixes = var.alb_logs_prefixes
- region = var.region
allow_alb = true
default_allow = false
diff --git a/examples/cloudtrail/main.tf b/examples/cloudtrail/main.tf
index ff9aa31..6aa0d27 100644
--- a/examples/cloudtrail/main.tf
+++ b/examples/cloudtrail/main.tf
@@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"
s3_bucket_name = var.test_name
- region = var.region
force_destroy = var.force_destroy
cloudtrail_logs_prefix = var.cloudtrail_logs_prefix
diff --git a/examples/combined/main.tf b/examples/combined/main.tf
index 809283a..ac5c16a 100644
--- a/examples/combined/main.tf
+++ b/examples/combined/main.tf
@@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"
s3_bucket_name = var.test_name
- region = var.region
default_allow = true
force_destroy = var.force_destroy
@@ -32,7 +31,7 @@ module "aws_cloudtrail" {
module "config" {
source = "trussworks/config/aws"
- version = "~> 3"
+ version = "~> 4"
config_name = var.test_name
config_logs_bucket = module.aws_logs.aws_logs_bucket
diff --git a/examples/combined/providers.tf b/examples/combined/providers.tf
index dcdb391..992fe1d 100644
--- a/examples/combined/providers.tf
+++ b/examples/combined/providers.tf
@@ -1,3 +1,4 @@
provider "aws" {
version = "~> 3.0"
+ region = var.region
}
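Review bot: `region = var.region` is added to the provider block only here and in examples/config/providers.tf, while the alb, alb_remote, cloudtrail, elb, nlb, nlb_remote, redshift, s3 and simple examples drop `region` from the module call with no provider change visible in this diff. If their provider blocks do not already set a region, those examples now depend on `AWS_DEFAULT_REGION` (or an equivalent) in the environment, and any `var.region` they declare is unused. Because the module now derives the CloudWatch Logs principal in its bucket policy from the provider region, it is worth setting the region explicitly in every example the same way.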
diff --git a/examples/combined/variables.tf b/examples/combined/variables.tf
index a314444..37a8ed3 100644
--- a/examples/combined/variables.tf
+++ b/examples/combined/variables.tf
@@ -2,6 +2,10 @@ variable "test_name" {
type = string
}
+variable "config_name" {
+ type = string
+}
+
variable "region" {
type = string
}
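Review bot: `config_name` (and `config_logs_bucket` in the next hunk) are declared here, but the `module "config"` call shown in examples/combined/main.tf still sets `config_name = var.test_name` and `config_logs_bucket = module.aws_logs.aws_logs_bucket`, so as far as the visible hunks show the new variables are never read. The same applies to `config_name` in examples/config/variables.tf, and the Terratest hunks pass values for all of them (`expectedConfigLogsBucket` is never asserted against anything). Either wire them in, e.g. `config_name = var.config_name`, or drop the declarations and the matching `Vars` entries; if they stay, give each a `description`. The rest of each main.tf is outside the diff, so confirm there is no other reference.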
@@ -18,3 +22,7 @@ variable "test_redshift" {
variable "force_destroy" {
type = bool
}
+
+variable "config_logs_bucket" {
+ type = string
+}
diff --git a/examples/config/main.tf b/examples/config/main.tf
index 1aac3a2..6aa5f46 100644
--- a/examples/config/main.tf
+++ b/examples/config/main.tf
@@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"
s3_bucket_name = var.test_name
- region = var.region
allow_config = true
default_allow = false
config_logs_prefix = var.config_logs_prefix
@@ -10,12 +9,12 @@ module "aws_logs" {
force_destroy = var.force_destroy
}
+
module "config" {
source = "trussworks/config/aws"
- version = "~> 3"
+ version = "~> 4"
- config_name = var.test_name
- config_logs_bucket = module.aws_logs.aws_logs_bucket
- config_logs_prefix = var.config_logs_prefix
- config_sns_topic_arn = "bandana"
+ config_name = var.test_name
+ config_logs_bucket = module.aws_logs.aws_logs_bucket
+ config_logs_prefix = var.config_logs_prefix
}
diff --git a/examples/config/providers.tf b/examples/config/providers.tf
index dcdb391..992fe1d 100644
--- a/examples/config/providers.tf
+++ b/examples/config/providers.tf
@@ -1,3 +1,4 @@
provider "aws" {
version = "~> 3.0"
+ region = var.region
}
diff --git a/examples/config/variables.tf b/examples/config/variables.tf
index b786c7e..472c8fd 100644
--- a/examples/config/variables.tf
+++ b/examples/config/variables.tf
@@ -2,6 +2,10 @@ variable "test_name" {
type = string
}
+variable "config_name" {
+ type = string
+}
+
variable "region" {
type = string
}
diff --git a/examples/elb/main.tf b/examples/elb/main.tf
index b84ce26..5a6452a 100644
--- a/examples/elb/main.tf
+++ b/examples/elb/main.tf
@@ -3,7 +3,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
elb_logs_prefix = var.elb_logs_prefix
- region = var.region
allow_elb = true
default_allow = false
diff --git a/examples/nlb/main.tf b/examples/nlb/main.tf
index af50441..1da1b3e 100644
--- a/examples/nlb/main.tf
+++ b/examples/nlb/main.tf
@@ -3,7 +3,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
nlb_logs_prefixes = var.nlb_logs_prefixes
- region = var.region
allow_nlb = true
default_allow = false
diff --git a/examples/nlb_remote/main.tf b/examples/nlb_remote/main.tf
index 10b8165..1528e19 100644
--- a/examples/nlb_remote/main.tf
+++ b/examples/nlb_remote/main.tf
@@ -6,7 +6,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
nlb_logs_prefixes = var.nlb_logs_prefixes
- region = var.region
allow_nlb = true
default_allow = false
diff --git a/examples/redshift/main.tf b/examples/redshift/main.tf
index 97656c8..2df2c89 100644
--- a/examples/redshift/main.tf
+++ b/examples/redshift/main.tf
@@ -3,7 +3,6 @@ module "aws_logs" {
s3_bucket_name = var.test_name
redshift_logs_prefix = var.redshift_logs_prefix
- region = var.region
allow_redshift = true
default_allow = false
diff --git a/examples/s3/main.tf b/examples/s3/main.tf
index 8945168..295f13d 100644
--- a/examples/s3/main.tf
+++ b/examples/s3/main.tf
@@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"
s3_bucket_name = var.test_name
- region = var.region
default_allow = false
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
index faafaa2..8f2a2f4 100644
--- a/examples/simple/main.tf
+++ b/examples/simple/main.tf
@@ -2,7 +2,6 @@ module "aws_logs" {
source = "../../"
s3_bucket_name = var.test_name
- region = var.region
force_destroy = var.force_destroy
tags = var.tags
diff --git a/main.tf b/main.tf
index 0575327..a8bb71d 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,11 @@ data "aws_caller_identity" "current" {
data "aws_partition" "current" {
}
+# The region is pulled from the current AWS session you are in
+data "aws_region" "current" {
+
+}
+
locals {
# S3 bucket ARN
bucket_arn = "arn:${data.aws_partition.current.partition}:s3:::${var.s3_bucket_name}"
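Review bot: The comment on `data "aws_region" "current"` says the region comes from "the current AWS session", but the data source returns the region of the AWS provider configuration the module is instantiated with, which matters when a caller passes an aliased provider. I would reword it to `# Region of the AWS provider configuration passed to this module; used to build the CloudWatch Logs service principal.` and collapse the empty body to `data "aws_region" "current" {}`. The `locals` block that follows continues outside the hunk.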
@@ -48,7 +53,7 @@ locals {
cloudwatch_effect = var.default_allow || var.allow_cloudwatch ? "Allow" : "Deny"
# region specific logs service principal
- cloudwatch_service = "logs.${var.region}.amazonaws.com"
+ cloudwatch_service = "logs.${data.aws_region.current.name}.amazonaws.com"
cloudwatch_resource = "${local.bucket_arn}/${var.cloudwatch_logs_prefix}/*"
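Review bot: `cloudwatch_service` still hard-codes the `amazonaws.com` suffix although `bucket_arn` in the same `locals` block already uses `data.aws_partition.current.partition`, so in a partition with a different DNS suffix the bucket-policy principal may not match the real CloudWatch Logs service principal. Consider `"logs.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"`, after confirming the principal format for each partition you support. The principal also now follows the provider region implicitly: callers who previously passed a `region` different from their provider's region will get a different principal in the policy after upgrading, which the README upgrade note could state. The `locals` block starts and ends outside the hunk.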
diff --git a/test/terraform_aws_logs_cloudtrail_test.go b/test/terraform_aws_logs_cloudtrail_test.go
index d477725..68c2ec8 100644
--- a/test/terraform_aws_logs_cloudtrail_test.go
+++ b/test/terraform_aws_logs_cloudtrail_test.go
@@ -1,6 +1,5 @@
package test
-/*
import (
"fmt"
"strings"
@@ -57,4 +56,3 @@ func TestTerraformAwsLogsCloudtrailRootPrefix(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
-*/
diff --git a/test/terraform_aws_logs_combined_test.go b/test/terraform_aws_logs_combined_test.go
index f962a30..9e4a353 100644
--- a/test/terraform_aws_logs_combined_test.go
+++ b/test/terraform_aws_logs_combined_test.go
@@ -1,6 +1,5 @@
package test
-/*
import (
"fmt"
"strings"
@@ -14,6 +13,8 @@ import (
func TestTerraformAwsLogsCombined(t *testing.T) {
// Note: do not run this test in t.Parallel() mode.
+ configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))
+ expectedConfigLogsBucket := fmt.Sprintf("terratest-%s", configName)
tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/combined")
testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
@@ -26,11 +27,13 @@ func TestTerraformAwsLogsCombined(t *testing.T) {
terraformOptions := &terraform.Options{
TerraformDir: tempTestFolder,
Vars: map[string]interface{}{
- "region": awsRegion,
- "vpc_azs": vpcAzs,
- "test_name": testName,
- "test_redshift": testRedshift,
- "force_destroy": true,
+ "region": awsRegion,
+ "vpc_azs": vpcAzs,
+ "config_name": configName,
+ "config_logs_bucket": expectedConfigLogsBucket,
+ "test_name": testName,
+ "test_redshift": testRedshift,
+ "force_destroy": true,
},
EnvVars: map[string]string{
"AWS_DEFAULT_REGION": awsRegion,
@@ -40,4 +43,3 @@ func TestTerraformAwsLogsCombined(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
-*/
diff --git a/test/terraform_aws_logs_config_test.go b/test/terraform_aws_logs_config_test.go
index c668de3..bc7aa17 100644
--- a/test/terraform_aws_logs_config_test.go
+++ b/test/terraform_aws_logs_config_test.go
@@ -1,6 +1,5 @@
package test
-/*
import (
"fmt"
"strings"
@@ -14,6 +13,8 @@ import (
func TestTerraformAwsLogsConfig(t *testing.T) {
t.Parallel()
+ configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))
+
testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config")
// AWS only supports one configuration recorder per region.
@@ -25,6 +26,7 @@ func TestTerraformAwsLogsConfig(t *testing.T) {
Vars: map[string]interface{}{
"region": awsRegion,
"test_name": testName,
+ "config_name": configName,
"force_destroy": true,
"config_logs_prefix": testName,
},
@@ -40,6 +42,8 @@ func TestTerraformAwsLogsConfig(t *testing.T) {
func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
t.Parallel()
+ configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))
+
testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId()))
tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config")
// AWS only supports one configuration recorder per region.
@@ -51,6 +55,7 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
Vars: map[string]interface{}{
"region": awsRegion,
"test_name": testName,
+ "config_name": configName,
"force_destroy": true,
"config_logs_prefix": "",
},
@@ -62,4 +67,3 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) {
defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)
}
-*/
diff --git a/variables.tf b/variables.tf
index 9c125c8..3a5042a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,11 +3,6 @@ variable "s3_bucket_name" {
type = string
}
-variable "region" {
- description = "Region where the AWS S3 bucket will be created."
- type = string
-}
-
variable "s3_log_bucket_retention" {
description = "Number of days to keep AWS logs around."
default = 90