feat: Support aws_cloudwatch_query_definition and add skip_destroy argument to aws_cloudwatch_log_group (#60)

magreenbaum · bryantbiggs · web-flow · commit 5cc5efbb954a · 2023-12-12T07:55:24.000-05:00
Co-authored-by: Bryant Biggs &lt;bryantbiggs@gmail.com&gt;
Co-authored-by: magreenbaum &lt;magreenbaum&gt;
diff --git a/README.md b/README.md
@@ -120,13 +120,30 @@ module "cis_alarms" {
 
 AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
 
+### Query Definition
+
+```hcl
+module "query_definition" {
+  source  = "terraform-aws-modules/cloudwatch/aws//modules/query-definition"
+  version = "~> 4.0"
+  
+  name = "my-query-definition"
+  log_group_names = ["my-log-group-name"]
+  query_string = <<EOF
+fields @timestamp, @message
+| sort @timestamp desc
+| limit 25
+EOF
+}
+```
 ## Examples
 
 - [Complete Cloudwatch log metric filter and alarm](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/complete-log-metric-filter-and-alarm)
 - [Cloudwatch log group with log stream](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/log-group-with-log-stream)
 - [Cloudwatch metric alarms for AWS Lambda](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/lambda-metric-alarm)
 - [Cloudwatch metric alarms for AWS Lambda with multiple dimensions](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/multiple-lambda-metric-alarm)
 - [CIS AWS Foundations Controls: Metrics + Alarms](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/cis-alarms)
+- [Cloudwatch query definition](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/examples/query-definition)
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/complete-log-metric-filter-and-alarm/README.md b/examples/complete-log-metric-filter-and-alarm/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |
 
 ## Providers
 
diff --git a/examples/complete-log-metric-filter-and-alarm/versions.tf b/examples/complete-log-metric-filter-and-alarm/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4.40"
     }
   }
 }
diff --git a/examples/log-group-with-log-stream/README.md b/examples/log-group-with-log-stream/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |
 
 ## Providers
 
diff --git a/examples/log-group-with-log-stream/versions.tf b/examples/log-group-with-log-stream/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4.40"
     }
   }
 }
diff --git a/examples/query-definition/README.md b/examples/query-definition/README.md
@@ -0,0 +1,51 @@
+# Cloudwatch query definition example
+
+Configuration in this directory creates a Cloudwatch query definition for a specific Cloudwatch log group.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_log_group"></a> [log\_group](#module\_log\_group) | ../../modules/log-group | n/a |
+| <a name="module_query_definition"></a> [query\_definition](#module\_query\_definition) | ../../modules/query-definition | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cloudwatch_log_group_arn"></a> [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | ARN of Cloudwatch log group |
+| <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of Cloudwatch log group |
+| <a name="output_cloudwatch_query_definition_id"></a> [cloudwatch\_query\_definition\_id](#output\_cloudwatch\_query\_definition\_id) | The query definition id |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/query-definition/main.tf b/examples/query-definition/main.tf
@@ -0,0 +1,24 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+module "log_group" {
+  source = "../../modules/log-group"
+
+  name_prefix       = "my-log-group-"
+  retention_in_days = 7
+}
+
+module "query_definition" {
+  source = "../../modules/query-definition"
+
+  name = "query-example"
+  log_group_names = [
+    module.log_group.cloudwatch_log_group_name
+  ]
+  query_string = <<EOF
+fields @timestamp, @message
+| sort @timestamp desc
+| limit 25
+EOF
+}
diff --git a/examples/query-definition/outputs.tf b/examples/query-definition/outputs.tf
@@ -0,0 +1,14 @@
+output "cloudwatch_log_group_name" {
+  description = "Name of Cloudwatch log group"
+  value       = module.log_group.cloudwatch_log_group_name
+}
+
+output "cloudwatch_log_group_arn" {
+  description = "ARN of Cloudwatch log group"
+  value       = module.log_group.cloudwatch_log_group_arn
+}
+
+output "cloudwatch_query_definition_id" {
+  description = "The query definition id"
+  value       = module.query_definition.cloudwatch_query_definition_id
+}
diff --git a/examples/query-definition/variables.tf b/examples/query-definition/variables.tf
diff --git a/examples/query-definition/versions.tf b/examples/query-definition/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
diff --git a/modules/log-group/README.md b/modules/log-group/README.md
@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40 |
 
 ## Modules
 
@@ -33,6 +33,7 @@ No modules.
 | <a name="input_name"></a> [name](#input\_name) | A name for the log group | `string` | `null` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A name prefix for the log group | `string` | `null` | no |
 | <a name="input_retention_in_days"></a> [retention\_in\_days](#input\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `null` | no |
+| <a name="input_skip_destroy"></a> [skip\_destroy](#input\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to Cloudwatch log group | `map(string)` | `{}` | no |
 
 ## Outputs
diff --git a/modules/log-group/main.tf b/modules/log-group/main.tf
@@ -5,6 +5,7 @@ resource "aws_cloudwatch_log_group" "this" {
   name_prefix       = var.name_prefix
   retention_in_days = var.retention_in_days
   kms_key_id        = var.kms_key_id
+  skip_destroy      = var.skip_destroy
 
   tags = var.tags
 }
diff --git a/modules/log-group/variables.tf b/modules/log-group/variables.tf
@@ -33,6 +33,12 @@ variable "kms_key_id" {
   default     = null
 }
 
+variable "skip_destroy" {
+  description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
+  type        = bool
+  default     = null
+}
+
 variable "tags" {
   description = "A map of tags to add to Cloudwatch log group"
   type        = map(string)
diff --git a/modules/log-group/versions.tf b/modules/log-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 4.40"
     }
   }
 }
diff --git a/modules/query-definition/README.md b/modules/query-definition/README.md
@@ -0,0 +1,41 @@
+# query-definition
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_query_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_query_definition) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_create"></a> [create](#input\_create) | Whether to create the Cloudwatch query definition | `bool` | `true` | no |
+| <a name="input_log_group_names"></a> [log\_group\_names](#input\_log\_group\_names) | Specific log groups to use with the query. | `list(string)` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the query. | `string` | n/a | yes |
+| <a name="input_query_string"></a> [query\_string](#input\_query\_string) | The The query to save. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cloudwatch_query_definition_id"></a> [cloudwatch\_query\_definition\_id](#output\_cloudwatch\_query\_definition\_id) | The query definition id. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/query-definition/main.tf b/modules/query-definition/main.tf
@@ -0,0 +1,7 @@
+resource "aws_cloudwatch_query_definition" "this" {
+  count = var.create ? 1 : 0
+
+  name            = var.name
+  query_string    = var.query_string
+  log_group_names = var.log_group_names
+}
diff --git a/modules/query-definition/outputs.tf b/modules/query-definition/outputs.tf
@@ -0,0 +1,4 @@
+output "cloudwatch_query_definition_id" {
+  description = "The query definition id."
+  value       = try(aws_cloudwatch_query_definition.this[0].query_definition_id, "")
+}
diff --git a/modules/query-definition/variables.tf b/modules/query-definition/variables.tf
@@ -0,0 +1,21 @@
+variable "create" {
+  description = "Whether to create the Cloudwatch query definition"
+  type        = bool
+  default     = true
+}
+
+variable "name" {
+  description = "The name of the query."
+  type        = string
+}
+
+variable "query_string" {
+  description = "The The query to save."
+  type        = string
+}
+
+variable "log_group_names" {
+  description = "Specific log groups to use with the query."
+  type        = list(string)
+  default     = null
+}
diff --git a/modules/query-definition/versions.tf b/modules/query-definition/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
diff --git a/wrappers/log-group/main.tf b/wrappers/log-group/main.tf
@@ -8,5 +8,6 @@ module "wrapper" {
   name_prefix       = try(each.value.name_prefix, var.defaults.name_prefix, null)
   retention_in_days = try(each.value.retention_in_days, var.defaults.retention_in_days, null)
   kms_key_id        = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
+  skip_destroy      = try(each.value.skip_destroy, var.defaults.skip_destroy, null)
   tags              = try(each.value.tags, var.defaults.tags, {})
 }
diff --git a/wrappers/log-metric-filter/main.tf b/wrappers/log-metric-filter/main.tf
@@ -12,4 +12,5 @@ module "wrapper" {
   metric_transformation_value         = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
   metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
   metric_transformation_unit          = try(each.value.metric_transformation_unit, var.defaults.metric_transformation_unit, null)
+  metric_transformation_dimensions    = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
 }
diff --git a/wrappers/query-definition/README.md b/wrappers/query-definition/README.md
diff --git a/wrappers/query-definition/main.tf b/wrappers/query-definition/main.tf
diff --git a/wrappers/query-definition/outputs.tf b/wrappers/query-definition/outputs.tf
diff --git a/wrappers/query-definition/variables.tf b/wrappers/query-definition/variables.tf
diff --git a/wrappers/query-definition/versions.tf b/wrappers/query-definition/versions.tf

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 4.0"`
	`7`	`+ version = ">= 4.40"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`