Terraform module that sets up CloudWatch Log Group Subscription Filters. This makes it easier to forward log data to Observe, through the Observe Kinesis Firehose module.
By default, the module will create subscription filters for all log groups.
resource "aws_cloudwatch_log_group" "group" {
name_prefix = random_pet.run.id
}
module "observe_kinesis_firehose" {
source = "github.com/observeinc/terraform-aws-kinesis-firehose"
observe_customer = var.observe_customer
observe_token = var.observe_token
name = random_pet.run.id
}
module "observe_kinesis_firehose_cloudwatch_logs_subscription" {
source = "https://github.com/observeinc/terraform-aws-cloudwatch-logs-subscription"
kinesis_firehose = module.observe_kinesis_firehose
# Collect the log group defined above, all Elastic Beanstalk logs,
# and API Gateway execution logs
log_group_matches = [
aws_cloudwatch_log_group.group.name,
"/aws/elasticbeanstalk/.*",
"API-Gateway-Execution-Logs.*",
]
# Don't collect any Elastic Beanstalk Nginx access logs
log_group_excludes = ["/aws/elasticbeanstalk/.*/var/log/nginx/access.log"]
}This module will create multiple CloudWatch subscription filters. If no role ARN is provided, a new role will be created.
| Name | Version |
|---|---|
| terraform | >= 1.1 |
| archive | >= 2.2 |
| aws | >= 2.68 |
| Name | Version |
|---|---|
| archive | >= 2.2 |
| aws | >= 2.68 |
No modules.
| Name | Type |
|---|---|
| aws_cloudformation_stack.lambda_trigger | resource |
| aws_cloudwatch_event_rule.new_log_groups | resource |
| aws_cloudwatch_event_rule.pagination | resource |
| aws_cloudwatch_event_target.event_rules | resource |
| aws_cloudwatch_log_group.lambda | resource |
| aws_iam_policy.lambda | resource |
| aws_iam_role.lambda | resource |
| aws_iam_role.subscription_filter | resource |
| aws_iam_role_policy_attachment.lambda | resource |
| aws_iam_role_policy_attachment.subscription_filter | resource |
| aws_lambda_function.lambda | resource |
| aws_lambda_permission.event_rules | resource |
| archive_file.lambda_code | data source |
| aws_caller_identity.current | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| filter_name | Name of all created Log Group Subscription Filters | string |
"observe-logs-subscription" |
no |
| filter_pattern | The filter pattern to use. For more information, see Filter and Pattern Syntax" | string |
"" |
no |
| iam_name_prefix | Prefix used for all created IAM roles and policies | string |
"observe-logs-subscription" |
no |
| iam_role_arn | ARN of IAM role to use for Cloudwatch Logs subscription. If this is not specified, then an IAM role is created. |
string |
"" |
no |
| ignore_delete_errors | Ignore CloudFormation stack errors from deletion events. Setting this to true means that leftover Subscription Filters could remain. |
bool |
false |
no |
| kinesis_firehose | Observe Kinesis Firehose module | object({ |
n/a | yes |
| lambda_memory | The amount of memory available to the Lambda function, in megabytes. See https://docs.aws.amazon.com/lambda/latest/operatorguide/computing-power.html for more info. |
number |
128 |
no |
| lambda_timeout | The amount of time that Lambda allows a function to run before stopping it. The maximum allowed value is 900 seconds. |
number |
300 |
no |
| log_group_excludes | A list of regex patterns. If a Log Group fully matches any regex pattern in the list, it will not be subscribed to. log_group_excludes takes precedence over log_group_matches. |
list(string) |
[] |
no |
| log_group_expiration_in_days | Expiration to set on the log group for the lambda created by this stack | number |
365 |
no |
| log_group_matches | A list of regex patterns. If a Log Group fully matches any regex pattern in the list, it will be subscribed to. By "fully matches", we mean that the entire log group name must match a pattern. |
list(string) |
[ |
no |
| name | Module name. Used to determine the name of some resources | string |
"observe-logs-subscription" |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
No outputs.
Apache 2 Licensed. See LICENSE for full details.