add cloudwatch

terraform-modules · Sep 19, 2022 · 817b558 · 817b558
1 parent 3645467
commit 817b558
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 1 deletion.
diff --git a/common/versions.tf b/common/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  experiments = [module_variable_optional_attrs]
+  #  experiments = [module_variable_optional_attrs]
   required_providers {
     aws = {
       source  = "hashicorp/aws"

diff --git a/vpn-transit-gateway/README.md b/vpn-transit-gateway/README.md
@@ -68,6 +68,7 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_customer_gateway.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |
 | [aws_ec2_tag.vpn_tag_created_by](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
 | [aws_ec2_tag.vpn_tag_environment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
@@ -91,6 +92,7 @@ No modules.
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | <a name="input_create"></a> [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
+| <a name="input_enable_cloudwatch_logging"></a> [enable\_cloudwatch\_logging](#input\_enable\_cloudwatch\_logging) | Flag to enable or disable VPN tunnel logging to CloudWatch.  If Enabled, it will create the cloudwatch log groups | `bool` | `false` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS Profile Name, used for makign AWS call to download VPN configurations | `string` | `"default"` | no |
 | <a name="input_route_table_ids"></a> [route\_table\_ids](#input\_route\_table\_ids) | List of created route table IDs for privating routing to be used for VPN route propagation | `list(string)` | `[]` | no |

diff --git a/vpn-transit-gateway/cloudwatch.tf b/vpn-transit-gateway/cloudwatch.tf
@@ -0,0 +1,17 @@
+resource "aws_cloudwatch_log_group" "log" {
+  for_each = var.enable_cloudwatch_logging ? local.vpn_tunnel_outputs : {}
+  name     = format("vpn/tgw/%v/%v", var.tgw_environment, each.key)
+  #  kms_key_id        = var.kms_key_arn
+  retention_in_days = 60
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    {
+      Name                    = self.name
+      "boc:tgw_environment"   = var.tgw_environment
+      "boc:vpn:connection_id" = each.value.vpn_connection_id
+    },
+    v.tunnel1_interface_number != "" ? { "boc:vpn:tunnel_interfaces" = join(" ", [v.tunnel1_interface_number, v.tunnel2_interface_number]) } : {},
+  )
+}
diff --git a/vpn-transit-gateway/tf-settings.tf b/vpn-transit-gateway/tf-settings.tf
@@ -0,0 +1,3 @@
+terraform {
+  experiments = [module_variable_optional_attrs]
+}
diff --git a/vpn-transit-gateway/variables.tf b/vpn-transit-gateway/variables.tf
@@ -60,3 +60,9 @@ variable "tgw_environment" {
   type        = string
   default     = null
 }
+
+variable "enable_cloudwatch_logging" {
+  description = "Flag to enable or disable VPN tunnel logging to CloudWatch.  If Enabled, it will create the cloudwatch log groups"
+  type        = bool
+  default     = false
+}