diff --git a/README.md b/README.md index 7480de9..7e602e4 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ Terraform 0.11. Pin module version to ~> 3.5.0 . Submit pull-requests to terrafo module "aws_logs" { source = "trussworks/logs/aws" s3_bucket_name = "my-company-aws-logs" - region = "us-west-2" } ``` @@ -38,7 +37,6 @@ module "aws_logs" { module "aws_logs" { source = "trussworks/logs/aws" s3_bucket_name = "my-company-aws-logs-elb" - region = "us-west-2" default_allow = false allow_elb = true } @@ -50,7 +48,6 @@ module "aws_logs" { module "aws_logs" { source = "trussworks/logs/aws" s3_bucket_name = "my-company-aws-logs-lb" - region = "us-west-2" default_allow = false allow_alb = true allow_elb = true @@ -63,7 +60,6 @@ module "aws_logs" { module "aws_logs" { source = "trussworks/logs/aws" s3_bucket_name = "my-company-aws-logs-cloudtrail" - region = "us-west-2" default_allow = false allow_cloudtrail = true cloudtrail_accounts = [data.aws_caller_identity.current.account_id, aws_organizations_account.example.id] @@ -76,7 +72,6 @@ module "aws_logs" { module "aws_logs" { source = "trussworks/logs/aws" s3_bucket_name = "my-company-aws-logs-lb" - region = "us-west-2" default_allow = false allow_alb = true allow_nlb = true @@ -133,7 +128,6 @@ module "aws_logs" { | nlb\_account | Account for NLB logs. By default limits to the current account. | `string` | `""` | no | | nlb\_logs\_prefixes | S3 key prefixes for NLB logs. | `list(string)` |
[
"nlb"
]
| no | | redshift\_logs\_prefix | S3 prefix for RedShift logs. | `string` | `"redshift"` | no | -| region | Region where the AWS S3 bucket will be created. | `string` | n/a | yes | | s3\_bucket\_acl | Set bucket ACL per [AWS S3 Canned ACL]() list. | `string` | `"log-delivery-write"` | no | | s3\_bucket\_name | S3 bucket to store AWS logs in. | `string` | n/a | yes | | s3\_log\_bucket\_retention | Number of days to keep AWS logs around. | `string` | `90` | no | @@ -152,6 +146,10 @@ module "aws_logs" { ## Upgrade Paths +### Upgrading from 9.0.0 to 10.x.x + +Version 10.x.x removes the `region` variable as it will pull from the region that your AWS session is associated with. + ### Upgrading from 6.0.0 to 7.x.x This release simplifies `nlb_logs_prefixes` and `alb_logs_prefixes` to no longer need to pass in a formatted list and instead can be referenced as diff --git a/examples/alb/main.tf b/examples/alb/main.tf index 86dfa28..d3cb4b3 100644 --- a/examples/alb/main.tf +++ b/examples/alb/main.tf @@ -3,7 +3,6 @@ module "aws_logs" { s3_bucket_name = var.test_name alb_logs_prefixes = var.alb_logs_prefixes - region = var.region allow_alb = true default_allow = false diff --git a/examples/alb_remote/main.tf b/examples/alb_remote/main.tf index e6e9588..8683aea 100644 --- a/examples/alb_remote/main.tf +++ b/examples/alb_remote/main.tf @@ -6,7 +6,6 @@ module "aws_logs" { s3_bucket_name = var.test_name alb_logs_prefixes = var.alb_logs_prefixes - region = var.region allow_alb = true default_allow = false diff --git a/examples/cloudtrail/main.tf b/examples/cloudtrail/main.tf index ff9aa31..6aa0d27 100644 --- a/examples/cloudtrail/main.tf +++ b/examples/cloudtrail/main.tf @@ -2,7 +2,6 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name - region = var.region force_destroy = var.force_destroy cloudtrail_logs_prefix = var.cloudtrail_logs_prefix diff --git a/examples/combined/main.tf b/examples/combined/main.tf index 809283a..ac5c16a 100644 
--- a/examples/combined/main.tf +++ b/examples/combined/main.tf @@ -2,7 +2,6 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name - region = var.region default_allow = true force_destroy = var.force_destroy @@ -32,7 +31,7 @@ module "aws_cloudtrail" { module "config" { source = "trussworks/config/aws" - version = "~> 3" + version = "~> 4" config_name = var.test_name config_logs_bucket = module.aws_logs.aws_logs_bucket diff --git a/examples/combined/providers.tf b/examples/combined/providers.tf index dcdb391..992fe1d 100644 --- a/examples/combined/providers.tf +++ b/examples/combined/providers.tf @@ -1,3 +1,4 @@ provider "aws" { version = "~> 3.0" + region = var.region } diff --git a/examples/combined/variables.tf b/examples/combined/variables.tf index a314444..37a8ed3 100644 --- a/examples/combined/variables.tf +++ b/examples/combined/variables.tf @@ -2,6 +2,10 @@ variable "test_name" { type = string } +variable "config_name" { + type = string +} + variable "region" { type = string } @@ -18,3 +22,7 @@ variable "test_redshift" { variable "force_destroy" { type = bool } + +variable "config_logs_bucket" { + type = string +} diff --git a/examples/config/main.tf b/examples/config/main.tf index 1aac3a2..6aa5f46 100644 --- a/examples/config/main.tf +++ b/examples/config/main.tf @@ -2,7 +2,6 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name - region = var.region allow_config = true default_allow = false config_logs_prefix = var.config_logs_prefix @@ -10,12 +9,12 @@ module "aws_logs" { force_destroy = var.force_destroy } + module "config" { source = "trussworks/config/aws" - version = "~> 3" + version = "~> 4" - config_name = var.test_name - config_logs_bucket = module.aws_logs.aws_logs_bucket - config_logs_prefix = var.config_logs_prefix - config_sns_topic_arn = "bandana" + config_name = var.test_name + config_logs_bucket = module.aws_logs.aws_logs_bucket + config_logs_prefix = var.config_logs_prefix } 
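Review bot: The new `config_name` and `config_logs_bucket` variables in examples/combined/variables.tf are declared without defaults, but nothing visible reads them: the `module "config"` block in examples/combined/main.tf still sets `config_name = var.test_name` and `config_logs_bucket = module.aws_logs.aws_logs_bucket` (that block continues past its hunk, so this is judged from the visible lines only). The same applies to `config_name` in examples/config/variables.tf, where the new `module "config"` block is fully visible and uses `var.test_name`. It also applies to the `config_name` and `config_logs_bucket` entries added to `Vars` in the combined and config Go tests, where `expectedConfigLogsBucket` is never compared with anything in the visible hunks. Either wire them in, e.g. `config_name = var.config_name`, or drop the declarations so the examples do not require inputs they ignore.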
diff --git a/examples/config/providers.tf b/examples/config/providers.tf index dcdb391..992fe1d 100644 --- a/examples/config/providers.tf +++ b/examples/config/providers.tf @@ -1,3 +1,4 @@ provider "aws" { version = "~> 3.0" + region = var.region } diff --git a/examples/config/variables.tf b/examples/config/variables.tf index b786c7e..472c8fd 100644 --- a/examples/config/variables.tf +++ b/examples/config/variables.tf @@ -2,6 +2,10 @@ variable "test_name" { type = string } +variable "config_name" { + type = string +} + variable "region" { type = string } diff --git a/examples/elb/main.tf b/examples/elb/main.tf index b84ce26..5a6452a 100644 --- a/examples/elb/main.tf +++ b/examples/elb/main.tf @@ -3,7 +3,6 @@ module "aws_logs" { s3_bucket_name = var.test_name elb_logs_prefix = var.elb_logs_prefix - region = var.region allow_elb = true default_allow = false diff --git a/examples/nlb/main.tf b/examples/nlb/main.tf index af50441..1da1b3e 100644 --- a/examples/nlb/main.tf +++ b/examples/nlb/main.tf @@ -3,7 +3,6 @@ module "aws_logs" { s3_bucket_name = var.test_name nlb_logs_prefixes = var.nlb_logs_prefixes - region = var.region allow_nlb = true default_allow = false diff --git a/examples/nlb_remote/main.tf b/examples/nlb_remote/main.tf index 10b8165..1528e19 100644 --- a/examples/nlb_remote/main.tf +++ b/examples/nlb_remote/main.tf @@ -6,7 +6,6 @@ module "aws_logs" { s3_bucket_name = var.test_name nlb_logs_prefixes = var.nlb_logs_prefixes - region = var.region allow_nlb = true default_allow = false diff --git a/examples/redshift/main.tf b/examples/redshift/main.tf index 97656c8..2df2c89 100644 --- a/examples/redshift/main.tf +++ b/examples/redshift/main.tf @@ -3,7 +3,6 @@ module "aws_logs" { s3_bucket_name = var.test_name redshift_logs_prefix = var.redshift_logs_prefix - region = var.region allow_redshift = true default_allow = false diff --git a/examples/s3/main.tf b/examples/s3/main.tf index 8945168..295f13d 100644 --- a/examples/s3/main.tf +++ b/examples/s3/main.tf 
@@ -2,7 +2,6 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name - region = var.region default_allow = false diff --git a/examples/simple/main.tf b/examples/simple/main.tf index faafaa2..8f2a2f4 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -2,7 +2,6 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name - region = var.region force_destroy = var.force_destroy tags = var.tags diff --git a/main.tf b/main.tf index 0575327..a8bb71d 100644 --- a/main.tf +++ b/main.tf @@ -16,6 +16,11 @@ data "aws_caller_identity" "current" { data "aws_partition" "current" { } +# The region is pulled from the current AWS session you are in +data "aws_region" "current" { + +} + locals { # S3 bucket ARN bucket_arn = "arn:${data.aws_partition.current.partition}:s3:::${var.s3_bucket_name}" @@ -48,7 +53,7 @@ locals { cloudwatch_effect = var.default_allow || var.allow_cloudwatch ? "Allow" : "Deny" # region specific logs service principal - cloudwatch_service = "logs.${var.region}.amazonaws.com" + cloudwatch_service = "logs.${data.aws_region.current.name}.amazonaws.com" cloudwatch_resource = "${local.bucket_arn}/${var.cloudwatch_logs_prefix}/*" diff --git a/test/terraform_aws_logs_cloudtrail_test.go b/test/terraform_aws_logs_cloudtrail_test.go index d477725..68c2ec8 100644 --- a/test/terraform_aws_logs_cloudtrail_test.go +++ b/test/terraform_aws_logs_cloudtrail_test.go @@ -1,6 +1,5 @@ package test -/* import ( "fmt" "strings" @@ -57,4 +56,3 @@ func TestTerraformAwsLogsCloudtrailRootPrefix(t *testing.T) { defer terraform.Destroy(t, terraformOptions) terraform.InitAndApply(t, terraformOptions) } -*/ diff --git a/test/terraform_aws_logs_combined_test.go b/test/terraform_aws_logs_combined_test.go index f962a30..9e4a353 100644 --- a/test/terraform_aws_logs_combined_test.go +++ b/test/terraform_aws_logs_combined_test.go @@ -1,6 +1,5 @@ package test -/* import ( "fmt" "strings" 
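Review bot: The comment added above `data "aws_region" "current"` in main.tf says the region comes from "the current AWS session", which is looser than what the data source returns: the region of the AWS provider configuration the module is instantiated with. That is also the region the bucket is created in, so stating it would explain why the `region` input could be dropped. I would reword it to `# Region of the AWS provider configuration used by this module; selects the regional CloudWatch Logs service principal below.` The blank line inside the otherwise empty block could go as well, since the `aws_partition` block just above appears to have none.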
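Review bot: The rewritten `cloudwatch_service` line in main.tf still hard-codes the `amazonaws.com` suffix, while `bucket_arn` earlier in the same `locals` block is already partition-aware through `data.aws_partition.current.partition`. In a partition with a different DNS suffix the principal written into the bucket policy may not match the Logs service, which would leave the CloudWatch statement ineffective there (inferred; the policy document is outside this hunk). Since the line is being touched anyway, consider `cloudwatch_service = "logs.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"`, provided the pinned provider version exposes `dns_suffix`. The `locals` block starts and ends outside the hunk.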
@@ -14,6 +13,8 @@ import ( func TestTerraformAwsLogsCombined(t *testing.T) { // Note: do not run this test in t.Parallel() mode. + configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId())) + expectedConfigLogsBucket := fmt.Sprintf("terratest-%s", configName) tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/combined") testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) @@ -26,11 +27,13 @@ func TestTerraformAwsLogsCombined(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: tempTestFolder, Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, - "test_redshift": testRedshift, - "force_destroy": true, + "region": awsRegion, + "vpc_azs": vpcAzs, + "config_name": configName, + "config_logs_bucket": expectedConfigLogsBucket, + "test_name": testName, + "test_redshift": testRedshift, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -40,4 +43,3 @@ func TestTerraformAwsLogsCombined(t *testing.T) { defer terraform.Destroy(t, terraformOptions) terraform.InitAndApply(t, terraformOptions) } -*/ diff --git a/test/terraform_aws_logs_config_test.go b/test/terraform_aws_logs_config_test.go index c668de3..bc7aa17 100644 --- a/test/terraform_aws_logs_config_test.go +++ b/test/terraform_aws_logs_config_test.go @@ -1,6 +1,5 @@ package test -/* import ( "fmt" "strings" @@ -14,6 +13,8 @@ import ( func TestTerraformAwsLogsConfig(t *testing.T) { t.Parallel() + configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId())) + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config") // AWS only supports one configuration recorder per region. 
@@ -25,6 +26,7 @@ func TestTerraformAwsLogsConfig(t *testing.T) { Vars: map[string]interface{}{ "region": awsRegion, "test_name": testName, + "config_name": configName, "force_destroy": true, "config_logs_prefix": testName, }, @@ -40,6 +42,8 @@ func TestTerraformAwsLogsConfig(t *testing.T) { func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) { t.Parallel() + configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId())) + testName := fmt.Sprintf("terratest-aws-logs-%s", strings.ToLower(random.UniqueId())) tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, "../", "examples/config") // AWS only supports one configuration recorder per region. @@ -51,6 +55,7 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) { Vars: map[string]interface{}{ "region": awsRegion, "test_name": testName, + "config_name": configName, "force_destroy": true, "config_logs_prefix": "", }, @@ -62,4 +67,3 @@ func TestTerraformAwsLogsConfigRootPrefix(t *testing.T) { defer terraform.Destroy(t, terraformOptions) terraform.InitAndApply(t, terraformOptions) } -*/ diff --git a/variables.tf b/variables.tf index 9c125c8..3a5042a 100644 --- a/variables.tf +++ b/variables.tf @@ -3,11 +3,6 @@ variable "s3_bucket_name" { type = string } -variable "region" { - description = "Region where the AWS S3 bucket will be created." - type = string -} - variable "s3_log_bucket_retention" { description = "Number of days to keep AWS logs around." default = 90