add cloudwatch logging

terraform-modules · Sep 19, 2022 · dad2c70 · dad2c70
1 parent 19b8696
commit dad2c70
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 1 deletion.
diff --git a/vpn-transit-gateway/README.md b/vpn-transit-gateway/README.md
@@ -85,6 +85,7 @@ No modules.
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

diff --git a/vpn-transit-gateway/main.tf b/vpn-transit-gateway/main.tf
@@ -139,6 +139,19 @@ resource "aws_vpn_connection" "vpn" {
 
   static_routes_only = false
 
+  tunnel1_log_options {
+    cloudwatch_log_options {
+      log_enabled   = var.enable_cloudwatch_logging
+      log_group_arn = var.enable_cloudwatch_logging ? aws_cloudwatch_log_group.log[each.key].arn : null
+    }
+  }
+  tunnel2_log_options {
+    cloudwatch_log_options {
+      log_enabled   = var.enable_cloudwatch_logging
+      log_group_arn = var.enable_cloudwatch_logging ? aws_cloudwatch_log_group.log[each.key].arn : null
+    }
+  }
+
   tags = merge(
     local.base_tags,
     var.tags,

diff --git a/vpn-transit-gateway/outputs.tf b/vpn-transit-gateway/outputs.tf
@@ -38,7 +38,9 @@ output "vpn_labels" {
     environment = v.environment
     sequence    = v.sequence
     #    label       = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
-    label = v.label
+    label         = v.label
+    tunnel1_label = v.tunnel1_label
+    tunnel2_label = v.tunnel2_label
     }
   }
 }

diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf
@@ -8,13 +8,20 @@ locals {
     customer_address  = aws_customer_gateway.vpn[k].ip_address
     bgp_asn           = aws_customer_gateway.vpn[k].bgp_asn
     vpn_connection_id = aws_vpn_connection.vpn[k].id
+    vpc_cidr_block    = data.aws_vpc.vpc.cidr_block
+    vpc_name          = var.vpc_name
+    vpc_short_name    = var.vpc_short_name
+    region            = local.region
+    region_short      = local.region_short
+    account_id        = local.account_id
 
     tunnel1_label              = format("%v %v %v %v %v", aws_vpn_connection.vpn[k].tunnel1_inside_cidr, local.account_id, local.region_short, var.vpc_short_name, v.label)
     tunnel1_bgp_asn            = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
     tunnel1_address            = aws_vpn_connection.vpn[k].tunnel1_address
     tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
     tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
     tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+    tunnel1_preshared_key      = aws_vpn_connection.vpn[k].tunnel1_preshared_key
     tunnel1_interface_number   = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[0] : ""
     tunnel1_loopback           = v.tunnel_loopback != null ? v.tunnel_loopback : ""
 
@@ -24,6 +31,7 @@ locals {
     tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
     tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
     tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+    tunnel2_preshared_key      = aws_vpn_connection.vpn[k].tunnel2_preshared_key
     tunnel2_interface_number   = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[1] : ""
     tunnel2_loopback           = v.tunnel_loopback != null ? v.tunnel_loopback : ""
     }