scribd
diff --git a/‎.github/workflows/terraform.yml
Lines changed: 50 additions & 0 deletions b/‎.github/workflows/terraform.yml
Lines changed: 50 additions & 0 deletions
diff --git a/‎.gitignore
Lines changed: 7 additions & 0 deletions b/‎.gitignore
Lines changed: 7 additions & 0 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎LICENSE
Lines changed: 14 additions & 0 deletions b/‎LICENSE
Lines changed: 14 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 89 additions & 0 deletions b/‎README.md
Lines changed: 89 additions & 0 deletions
diff --git a/‎examples/cloudwatch_log_sync/main.tf
Lines changed: 32 additions & 0 deletions b/‎examples/cloudwatch_log_sync/main.tf
Lines changed: 32 additions & 0 deletions
diff --git a/‎examples/full_integration/main.tf
Lines changed: 36 additions & 0 deletions b/‎examples/full_integration/main.tf
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,50 @@
+name: 'Terraform GitHub Actions'
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@master
+
+      - name: 'Terraform Format'
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.12.20
+          tf_actions_subcommand: 'fmt'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: 'Terraform Init'
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.12.20
+          tf_actions_subcommand: 'init'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Inject provider configs for validate command'
+        run: |
+            cat > providers.tf <<EOF
+            provider "aws" {
+              region = "us-east-2"
+            }
+
+            provider "datadog" {
+              api_key = ""
+              app_key = ""
+            }
+            EOF
+      - name: 'Terraform Validate'
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.12.20
+          tf_actions_subcommand: 'validate'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,7 @@
+# Local .terraform directories
+**/.terraform/*
+
+*.tfstate
+*.tfstate.*
+
+.idea/
@@ -0,0 +1,5 @@
+# CHANGELOG
+
+<!--- next entry here -->
+
+- Initial public release
@@ -0,0 +1,14 @@
+BSD 0-CLAUSE LICENSE
+
+Copyright 2020 Scribd. Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
@@ -0,0 +1,89 @@
+# terraform-aws-datadog
+
+Terraform module which sets up various AWS / Datadog integrations including:
+
+- Configure Datadog's builtin AWS integration
+- Configure Cloudtrail logshipping
+- Create ELB S3 bucket for logs and logshipping
+- Sync Cloudwatch logs for a given list of log groups
+
+
+## Usage
+
+**Set up all supported AWS / Datadog integrations**
+
+```
+module "datadog" {
+  source                = "git::https://github.com/scribd/terraform-aws-datadog.git?ref=master"
+  aws_account_id        = data.aws_caller_identity.current.account_id
+  datadog_api_key       = var.datadog_api_key
+
+  cloudtrail_bucket_id  = aws_s3_bucket.org-cloudtrail-bucket.id
+  cloudtrail_bucket_arn = aws_s3_bucket.org-cloudtrail-bucket.arn
+
+  cloudwatch_log_groups = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
+}
+```
+
+Note: The full integration setup should only be done within one terraform stack
+per account since some of the resources it creates are global per account.
+Creating this module in multiple terraform stacks will cause conflicts.
+
+
+**Limit to only Cloudwatch log sync**
+
+```
+module "datadog" {
+  source                         = "git::https://github.com/scribd/terraform-aws-datadog.git?ref=master"
+  datadog_api_key                = var.datadog_api_key
+  create_elb_logs_bucket         = false
+  enable_datadog_aws_integration = false
+  cloudwatch_log_groups          = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
+}
+```
+
+Note: It is safe to create multiple Cloudwatch only modules across different
+Terraform stacks within a single AWS account since all resouces used for
+Cloudwatch log sync are namspaced by module.
+
+
+## Examples
+
+* [Full AWS Datadog integration](https://github.com/scribd/terraform-aws-datadog/tree/master/examples/full_integration)
+* [Cloudwatch log sync only](https://github.com/scribd/terraform-aws-datadog/tree/master/examples/cloudwatch_log_sync)
+
+
+## Development
+
+Releases are cut using [go-semrel-gitlab](https://gitlab.com/juhani/go-semrel-gitlab)
+
+Format commit messages using [Conventional Commits format](https://www.conventionalcommits.org/en/v1.0.0-beta.2/) to determine the next version bump and to produce release notes
+
+```
+type(scope): subject
+```
+or
+
+```
+type: subject
+```
+
+Types:
+```
+minor bump: feat
+patch bump: fix,refactor,perf,docs,style,tes
+```
+
+When a commit contains a breaking change, the commit message should contain `BREAKING CHANGE:`
+
+
+## Cutting a release
+
+### Maintainers
+- [Jim](https://github.com/jim80net)
+- [QP](https://github.com/houqp)
+
+## Troubleshooting
+
+If you should encounter `Datadog is not authorized to perform action sts:AssumeRole Accounts affected: 1234567890, 1234567891 Regions affected: every region Errors began reporting 18m ago, last seen 5m ago`
+Then perhaps the external ID has changed. Execute `./terraform taint module.datadog.datadog_integration_aws.core[0]` in the root module of the account repo to force a refresh.
@@ -0,0 +1,32 @@
+variable dd_api_key {
+  type    = string
+  default = "1234567890"
+}
+
+variable dd_app_key {
+  type    = string
+  default = "1234567890"
+}
+
+variable aws_region {
+  type    = string
+  default = "us-west-2"
+}
+
+provider "datadog" {
+  api_key = var.dd_api_key
+  app_key = var.dd_app_key
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+module "datadog" {
+  source                         = "../.."
+  datadog_api_key                = var.dd_api_key
+  aws_region                     = var.aws_region
+  create_elb_logs_bucket         = false
+  enable_datadog_aws_integration = false
+  cloudwatch_log_groups          = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
+}
@@ -0,0 +1,36 @@
+variable dd_api_key {
+  type    = string
+  default = "1234567890"
+}
+
+variable dd_app_key {
+  type    = string
+  default = "1234567890"
+}
+
+variable aws_region {
+  type    = string
+  default = "us-west-2"
+}
+
+provider "datadog" {
+  api_key = var.dd_api_key
+  app_key = var.dd_app_key
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+module "datadog" {
+  source          = "../.."
+  aws_region      = var.aws_region
+  datadog_api_key = var.dd_api_key
+  datadog_app_key = var.dd_app_key
+  aws_account_id  = data.aws_caller_identity.current.account_id
+
+  cloudtrail_bucket_id  = "S3_BUCKET_ID"
+  cloudtrail_bucket_arn = "S3_BUCKET_ARN"
+
+  cloudwatch_log_groups = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
+}