feat: Add option to specify default ok no data actions (#44)

enver · web-flow · commit fdb39b74f0ed · 2022-07-18T19:32:27.000+03:00
diff --git a/examples/cis-alarms/README.md b/examples/cis-alarms/README.md
@@ -30,6 +30,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_all_action_types"></a> [all\_action\_types](#module\_all\_action\_types) | ../../modules/cis-alarms | n/a |
 | <a name="module_all_cis_alarms"></a> [all\_cis\_alarms](#module\_all\_cis\_alarms) | ../../modules/cis-alarms | n/a |
 | <a name="module_aws_sns_topic"></a> [aws\_sns\_topic](#module\_aws\_sns\_topic) | ../fixtures/aws_sns_topic | n/a |
 | <a name="module_control_overrides"></a> [control\_overrides](#module\_control\_overrides) | ../../modules/cis-alarms | n/a |
diff --git a/examples/cis-alarms/main.tf b/examples/cis-alarms/main.tf
@@ -51,3 +51,12 @@ module "control_overrides" {
     }
   }
 }
+
+module "all_action_types" {
+  source = "../../modules/cis-alarms"
+
+  log_group_name            = module.log.cloudwatch_log_group_name
+  alarm_actions             = [module.aws_sns_topic.sns_topic_arn]
+  ok_actions                = [module.aws_sns_topic.sns_topic_arn]
+  insufficient_data_actions = [module.aws_sns_topic.sns_topic_arn]
+}
diff --git a/modules/cis-alarms/README.md b/modules/cis-alarms/README.md
@@ -39,9 +39,11 @@ No modules.
 | <a name="input_control_overrides"></a> [control\_overrides](#input\_control\_overrides) | A map of overrides to apply to each control | `any` | `{}` | no |
 | <a name="input_create"></a> [create](#input\_create) | Whether to create the Cloudwatch log metric filter and metric alarms | `bool` | `true` | no |
 | <a name="input_disabled_controls"></a> [disabled\_controls](#input\_disabled\_controls) | List of IDs of disabled CIS controls | `list(string)` | `[]` | no |
+| <a name="input_insufficient_data_actions"></a> [insufficient\_data\_actions](#input\_insufficient\_data\_actions) | List of ARNs to put as Cloudwatch insuficient data actions (eg, ARN of SNS topic) | `list(string)` | `[]` | no |
 | <a name="input_log_group_name"></a> [log\_group\_name](#input\_log\_group\_name) | The name of the log group to associate the metric filter with | `string` | `""` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A name prefix for the cloudwatch alarm (if use\_random\_name\_prefix is true, this will be ignored) | `string` | `""` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace where metric filter and metric alarm should be cleated | `string` | `"CISBenchmark"` | no |
+| <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | List of ARNs to put as Cloudwatch OK actions (eg, ARN of SNS topic) | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to all resources | `map(string)` | `{}` | no |
 | <a name="input_use_random_name_prefix"></a> [use\_random\_name\_prefix](#input\_use\_random\_name\_prefix) | Whether to prefix resource names with random prefix | `bool` | `false` | no |
 
diff --git a/modules/cis-alarms/main.tf b/modules/cis-alarms/main.tf
@@ -113,8 +113,8 @@ resource "aws_cloudwatch_metric_alarm" "this" {
 
   actions_enabled           = lookup(each.value, "actions_enabled", var.actions_enabled)
   alarm_actions             = lookup(each.value, "alarm_actions", var.alarm_actions)
-  ok_actions                = lookup(each.value, "ok_actions", null)
-  insufficient_data_actions = lookup(each.value, "insufficient_data_actions", null)
+  ok_actions                = lookup(each.value, "ok_actions", var.ok_actions)
+  insufficient_data_actions = lookup(each.value, "insufficient_data_actions", var.insufficient_data_actions)
 
   comparison_operator                   = lookup(each.value, "comparison_operator", "GreaterThanOrEqualToThreshold")
   evaluation_periods                    = lookup(each.value, "evaluation_periods", 1)
diff --git a/modules/cis-alarms/variables.tf b/modules/cis-alarms/variables.tf
@@ -57,3 +57,15 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "ok_actions" {
+  description = "List of ARNs to put as Cloudwatch OK actions (eg, ARN of SNS topic)"
+  type        = list(string)
+  default     = []
+}
+
+variable "insufficient_data_actions" {
+  description = "List of ARNs to put as Cloudwatch insuficient data actions (eg, ARN of SNS topic)"
+  type        = list(string)
+  default     = []
+}

Original file line number	Diff line number	Diff line change
`@@ -51,3 +51,12 @@ module "control_overrides" {`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`	`}`
	`54`	`+`
	`55`	`+module "all_action_types" {`
	`56`	`+ source = "../../modules/cis-alarms"`
	`57`	`+`
	`58`	`+ log_group_name = module.log.cloudwatch_log_group_name`
	`59`	`+ alarm_actions = [module.aws_sns_topic.sns_topic_arn]`
	`60`	`+ ok_actions = [module.aws_sns_topic.sns_topic_arn]`
	`61`	`+ insufficient_data_actions = [module.aws_sns_topic.sns_topic_arn]`
	`62`	`+}`