A reusable module for creating CloudWatch log groups. Supports encryption with KMS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Charles CÈBE e4b24cfd22 doc: update CHANGELOG.md file 1 month ago
examples fix: address PR comments 1 month ago
.gitignore Initial commit 1 month ago
.pre-commit-config.yaml fix: disable terraform_tfsec pre-commit hook 1 month ago
CHANGELOG.md doc: update CHANGELOG.md file 1 month ago
Jenkinsfile Initial commit 1 month ago
LICENSE chore: update company name in LICENCE file 1 month ago
README.md fix: address PR comments 1 month ago
data.tf fix: address PR comments 1 month ago
locals.tf feat: add reusable locals for module 1 month ago
main.tf fix: address PR comments 1 month ago
outputs.tf fix: address PR comments 1 month ago
variables.tf fix: address PR comments 1 month ago
versions.tf feat: add versions, providers, and empty resource 1 month ago

README.md

terraform-module-aws-cloudwatch-log-group

Generic module which create a CloudWatch log group, with encryption (it will encrypt by default and create a KMS key) and appropriated policies.

Requirements

Name Version
terraform ~> 0.13
aws >= 3.0

Providers

Name Version
aws >= 3.0

Modules

No Modules.

Resources

Name
aws_caller_identity
aws_cloudwatch_log_group
aws_iam_policy_document
aws_kms_alias
aws_kms_key
aws_kms_key
aws_partition
aws_region

Inputs

Name Description Type Default Required
log_encryption_enabled Choose whether the CloudWatch log encryption is enabled (highly recommended). bool true no
log_group_name The name for the log group. string n/a yes
log_kms_deletion_window_in_days The duration in days after which the key is deleted after destruction of the resource. Defaults to 30 days. number 30 no
log_kms_enable_rotation Choose whether the key rotation is enabled. Defaults to false. This is highly recommended to enable it. bool true no
log_kms_key_create Choose whether we should create the KMS key for log encryption or not. Defaults to true. bool true no
log_kms_key_name The KMS key name for log encryption. Will be used as alias name. string null no
log_retention_days The number of days you want to retain log events on CloudWatch. number 7 no
prefix A prefix for deployment, will be used for each resource name. string n/a yes
tags Default tags to be applied to all taggable resources. map(string) {} no

Outputs

Name Description
log_group_arn The log group arn.
log_group_id The log group ID.
log_group_kms_key_id The arn of the KMS Key to use when encrypting log data.
log_group_name The log group name.
log_group_retention_in_days The number of days the log events are retained.
log_group_tags The tags assigned to the log group.
log_kms_alias_arn The arn of the log group key alias.
log_kms_alias_id A globally unique identifier for the log group key alias.
log_kms_alias_name The display name of the log group key alias.
log_kms_alias_target_key_arn The arn of the log group target key identifier.
log_kms_alias_target_key_id A globally unique identifier for the log group target key.
log_kms_key_arn The arn of the log group key.
log_kms_key_customer_master_key_spec The specifications for KMS master key.
log_kms_key_deletion_window_in_days The duration in days after which the key is deleted after destruction of the resource.
log_kms_key_description The description of the key as viewed in AWS console.
log_kms_key_enable_rotation Specifies whether key rotation is enabled.
log_kms_key_id A globally unique identifier for the log group KMS key.
log_kms_key_is_enabled Specifies whether the key is enabled.
log_kms_key_tags The tags assigned to the KMS key.
log_kms_key_usage Specifies the intended use of the key.
log_kms_resource_id A globally unique identifier for KMS resource.

Versioning

This repository follows Semantic Versioning 2.0.0

Git Hooks

This repository uses pre-commit hooks.