diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b348aea..626bd79 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.2 + rev: v1.99.5 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index 0f06c83..a321f4c 100644 --- a/README.md +++ b/README.md @@ -65,14 +65,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules @@ -129,7 +129,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [dd\_app\_key](#input\_dd\_app\_key) | The Datadog application key associated with the user account that created it, which can be found from the APIs page | `string` | `""` | no | | [dd\_site](#input\_dd\_site) | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no | | [kms\_alias](#input\_kms\_alias) | Alias of KMS key used to encrypt the Datadog API keys - must start with `alias/` | `string` | n/a | yes | -| [log\_forwarder\_architectures](#input\_log\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
[| no | +| [log\_forwarder\_architectures](#input\_log\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [log\_forwarder\_bucket\_prefix](#input\_log\_forwarder\_bucket\_prefix) | S3 object key prefix to prepend to zip archive name | `string` | `""` | no | | [log\_forwarder\_bucket\_tags](#input\_log\_forwarder\_bucket\_tags) | A map of tags to apply to the log forwarder bucket | `map(any)` | `{}` | no | | [log\_forwarder\_environment\_variables](#input\_log\_forwarder\_environment\_variables) | A map of environment variables for the log forwarder lambda function | `map(string)` | `{}` | no | @@ -151,7 +151,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [log\_forwarder\_role\_path](#input\_log\_forwarder\_role\_path) | Log forwarder role path | `string` | `null` | no | | [log\_forwarder\_role\_permissions\_boundary](#input\_log\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the log forwarder role | `string` | `null` | no | | [log\_forwarder\_role\_tags](#input\_log\_forwarder\_role\_tags) | A map of tags to apply to the log forwarder role | `map(string)` | `{}` | no | -| [log\_forwarder\_runtime](#input\_log\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.11"` | no | +| [log\_forwarder\_runtime](#input\_log\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | | [log\_forwarder\_s3\_log\_bucket\_arns](#input\_log\_forwarder\_s3\_log\_bucket\_arns) | S3 log buckets for forwarder to read and forward logs to Datadog | `list(string)` | `[]` | no | | [log\_forwarder\_s3\_zip\_kms\_key\_id](#input\_log\_forwarder\_s3\_zip\_kms\_key\_id) | The AWS KMS Key ARN to use for object encryption | `string` | `null` | no | | [log\_forwarder\_s3\_zip\_metadata](#input\_log\_forwarder\_s3\_zip\_metadata) | A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-` | `map(string)` | `{}` | no | 
@@ -165,7 +165,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [log\_forwarder\_timeout](#input\_log\_forwarder\_timeout) | The amount of time the log forwarder lambda has to execute in seconds | `number` | `120` | no | | [log\_forwarder\_use\_policy\_name\_prefix](#input\_log\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `policy_name` for the log forwarder policy | `bool` | `false` | no | | [log\_forwarder\_use\_role\_name\_prefix](#input\_log\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `role_name` for the log forwarder role | `bool` | `false` | no | -| [log\_forwarder\_version](#input\_log\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [log\_forwarder\_version](#input\_log\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [log\_forwarder\_vpce\_policy](#input\_log\_forwarder\_vpce\_policy) | Policy to attach to the log forwarder endpoint that controls access to the service. Defaults to full access | `any` | `null` | no | | [log\_forwarder\_vpce\_security\_group\_ids](#input\_log\_forwarder\_vpce\_security\_group\_ids) | IDs of security groups to attach to log forwarder endpoint | `list(string)` | `[]` | no | | [log\_forwarder\_vpce\_subnet\_ids](#input\_log\_forwarder\_vpce\_subnet\_ids) | IDs of subnets to associate with log forwarder endpoint | `list(string)` | `[]` | no | 
@@ -178,7 +178,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [processes\_vpce\_security\_group\_ids](#input\_processes\_vpce\_security\_group\_ids) | IDs of security groups to attach to processes endpoint | `list(string)` | `[]` | no | | [processes\_vpce\_subnet\_ids](#input\_processes\_vpce\_subnet\_ids) | IDs of subnets to associate with processes endpoint | `list(string)` | `[]` | no | | [processes\_vpce\_tags](#input\_processes\_vpce\_tags) | A map of tags to apply to the processes endpoint | `map(string)` | `{}` | no | -| [rds\_em\_forwarder\_architectures](#input\_rds\_em\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
"arm64"
]
[| no | +| [rds\_em\_forwarder\_architectures](#input\_rds\_em\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [rds\_em\_forwarder\_environment\_variables](#input\_rds\_em\_forwarder\_environment\_variables) | A map of environment variables for the RDS enhanced monitoring forwarder lambda function | `map(string)` | `{}` | no | | [rds\_em\_forwarder\_kms\_key\_arn](#input\_rds\_em\_forwarder\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no | | [rds\_em\_forwarder\_lambda\_tags](#input\_rds\_em\_forwarder\_lambda\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder lambda function | `map(string)` | `{}` | no | 
@@ -198,20 +198,20 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [rds\_em\_forwarder\_role\_path](#input\_rds\_em\_forwarder\_role\_path) | RDS enhanced monitoring forwarder role path | `string` | `null` | no | | [rds\_em\_forwarder\_role\_permissions\_boundary](#input\_rds\_em\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the RDS enhanced monitoring forwarder role | `string` | `null` | no | | [rds\_em\_forwarder\_role\_tags](#input\_rds\_em\_forwarder\_role\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder role | `map(string)` | `{}` | no | -| [rds\_em\_forwarder\_runtime](#input\_rds\_em\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.8"` | no | +| [rds\_em\_forwarder\_runtime](#input\_rds\_em\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | | [rds\_em\_forwarder\_security\_group\_ids](#input\_rds\_em\_forwarder\_security\_group\_ids) | List of security group ids when forwarder lambda function should run in the VPC | `list(string)` | `null` | no | | [rds\_em\_forwarder\_subnet\_ids](#input\_rds\_em\_forwarder\_subnet\_ids) | List of subnet ids when forwarder lambda function should run in the VPC. 
Usually private or intra subnets | `list(string)` | `null` | no | | [rds\_em\_forwarder\_tags](#input\_rds\_em\_forwarder\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder resources | `map(string)` | `{}` | no | | [rds\_em\_forwarder\_timeout](#input\_rds\_em\_forwarder\_timeout) | The amount of time the RDS enhanced monitoring forwarder lambda has to execute in seconds | `number` | `10` | no | | [rds\_em\_forwarder\_use\_policy\_name\_prefix](#input\_rds\_em\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `rds_em_forwarder_policy_name` for the RDS enhanced monitoring forwarder role | `bool` | `false` | no | | [rds\_em\_forwarder\_use\_role\_name\_prefix](#input\_rds\_em\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `rds_em_forwarder_role_name` for the RDS enhanced monitoring forwarder role | `bool` | `false` | no | -| [rds\_em\_forwarder\_version](#input\_rds\_em\_forwarder\_version) | RDS enhanced monitoring lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [rds\_em\_forwarder\_version](#input\_rds\_em\_forwarder\_version) | RDS enhanced monitoring lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no | | [traces\_vpce\_policy](#input\_traces\_vpce\_policy) | Policy to attach to the traces endpoint that controls access to the service. 
Defaults to full access | `any` | `null` | no | | [traces\_vpce\_security\_group\_ids](#input\_traces\_vpce\_security\_group\_ids) | IDs of security groups to attach to traces endpoint | `list(string)` | `[]` | no | | [traces\_vpce\_subnet\_ids](#input\_traces\_vpce\_subnet\_ids) | IDs of subnets to associate with traces endpoint | `list(string)` | `[]` | no | | [traces\_vpce\_tags](#input\_traces\_vpce\_tags) | A map of tags to apply to the traces endpoint | `map(string)` | `{}` | no | -| [vpc\_fl\_forwarder\_architectures](#input\_vpc\_fl\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
"arm64"
]
[| no | +| [vpc\_fl\_forwarder\_architectures](#input\_vpc\_fl\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [vpc\_fl\_forwarder\_environment\_variables](#input\_vpc\_fl\_forwarder\_environment\_variables) | A map of environment variables for the VPC flow log forwarder lambda function | `map(string)` | `{}` | no | | [vpc\_fl\_forwarder\_kms\_key\_arn](#input\_vpc\_fl\_forwarder\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no | | [vpc\_fl\_forwarder\_lambda\_tags](#input\_vpc\_fl\_forwarder\_lambda\_tags) | A map of tags to apply to the VPC flow log forwarder lambda function | `map(string)` | `{}` | no | 
@@ -232,7 +232,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [vpc\_fl\_forwarder\_role\_path](#input\_vpc\_fl\_forwarder\_role\_path) | VPC flow log forwarder role path | `string` | `null` | no | | [vpc\_fl\_forwarder\_role\_permissions\_boundary](#input\_vpc\_fl\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the VPC flow log forwarder role | `string` | `null` | no | | [vpc\_fl\_forwarder\_role\_tags](#input\_vpc\_fl\_forwarder\_role\_tags) | A map of tags to apply to the VPC flow log forwarder role | `map(string)` | `{}` | no | -| [vpc\_fl\_forwarder\_runtime](#input\_vpc\_fl\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.8"` | no | +| [vpc\_fl\_forwarder\_runtime](#input\_vpc\_fl\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | | [vpc\_fl\_forwarder\_s3\_log\_bucket\_arns](#input\_vpc\_fl\_forwarder\_s3\_log\_bucket\_arns) | S3 log buckets for VPC flow log forwarder to read and forward to Datadog | `list(string)` | `[]` | no | | [vpc\_fl\_forwarder\_security\_group\_ids](#input\_vpc\_fl\_forwarder\_security\_group\_ids) | List of security group ids when forwarder lambda function should run in the VPC | `list(string)` | `null` | no | | [vpc\_fl\_forwarder\_subnet\_ids](#input\_vpc\_fl\_forwarder\_subnet\_ids) | List of subnet ids when forwarder lambda function should run in the VPC. Usually private or intra subnets | `list(string)` | `null` | no | 
@@ -240,7 +240,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | [vpc\_fl\_forwarder\_timeout](#input\_vpc\_fl\_forwarder\_timeout) | The amount of time the VPC flow log forwarder lambda has to execute in seconds | `number` | `10` | no | | [vpc\_fl\_forwarder\_use\_policy\_name\_prefix](#input\_vpc\_fl\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `vpc_fl_forwarder_policy_name` for the VPC flow log forwarder role | `bool` | `false` | no | | [vpc\_fl\_forwarder\_use\_role\_name\_prefix](#input\_vpc\_fl\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `vpc_fl_forwarder_role_name` for the VPC flow log forwarder role | `bool` | `false` | no | -| [vpc\_fl\_forwarder\_version](#input\_vpc\_fl\_forwarder\_version) | VPC flow log lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [vpc\_fl\_forwarder\_version](#input\_vpc\_fl\_forwarder\_version) | VPC flow log lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [vpc\_id](#input\_vpc\_id) | ID of VPC to provision endpoints within | `string` | `null` | no | ## Outputs diff --git a/examples/complete/README.md b/examples/complete/README.md index a082a5b..0a5ccdd 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -23,15 +23,15 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -39,11 +39,11 @@ Note that this example may create resources which will incur monetary charges on | Name | Source | Version | |------|--------|---------| | [default](#module\_default) | ../../ | n/a | -| [log\_bucket\_1](#module\_log\_bucket\_1) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 | -| [log\_bucket\_2](#module\_log\_bucket\_2) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 | +| [log\_bucket\_1](#module\_log\_bucket\_1) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | +| [log\_bucket\_2](#module\_log\_bucket\_2) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | | [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 6.0 | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 681a557..5c95eae 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -238,7 +238,7 @@ resource "aws_kms_alias" "datadog" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr 
@@ -254,7 +254,7 @@ module "vpc" { module "vpc_endpoints" { source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "~> 5.0" + version = "~> 6.0" vpc_id = module.vpc.vpc_id security_group_ids = [module.security_group.security_group_id] @@ -306,7 +306,7 @@ module "security_group" { module "log_bucket_1" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 4.0" + version = "~> 5.0" bucket_prefix = "logs-1-" force_destroy = true @@ -328,7 +328,7 @@ module "log_bucket_1" { module "log_bucket_2" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 4.0" + version = "~> 5.0" bucket_prefix = "logs-2-" force_destroy = true diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 10277e4..d2f4f3e 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/examples/simple/README.md b/examples/simple/README.md index 0c6e0b2..db47413 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index 10277e4..d2f4f3e 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } random = { source = "hashicorp/random" diff --git a/modules/log_forwarder/README.md b/modules/log_forwarder/README.md index 0dd95e9..d6946d8 100644 --- a/modules/log_forwarder/README.md +++ b/modules/log_forwarder/README.md @@ -41,22 +41,22 @@ module "datadog_log_forwarder" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | | [null](#requirement\_null) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | | [null](#provider\_null) | >= 3.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [this\_s3\_bucket](#module\_this\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | v3.6.1 | +| [this\_s3\_bucket](#module\_this\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | v5.2.0 | ## Resources @@ -79,7 +79,7 @@ module "datadog_log_forwarder" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
"arm64"
]
[| no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [bucket\_attach\_deny\_insecure\_transport\_policy](#input\_bucket\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attacheds | `bool` | `false` | no | | [bucket\_encryption\_settings](#input\_bucket\_encryption\_settings) | S3 bucket server side encryption settings | `map(string)` |
"arm64"
]
{| no | | [bucket\_name](#input\_bucket\_name) | Forwarder S3 bucket name | `string` | `""` | no | @@ -93,7 +93,7 @@ module "datadog_log_forwarder" { | [dd\_api\_key\_secret\_arn](#input\_dd\_api\_key\_secret\_arn) | The ARN of the Secrets Manager secret storing the Datadog API key, if you already have it stored in Secrets Manager | `string` | `""` | no | | [dd\_site](#input\_dd\_site) | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no | | [environment\_variables](#input\_environment\_variables) | A map of environment variables for the forwarder lambda function | `map(string)` | `{}` | no | -| [forwarder\_version](#input\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [forwarder\_version](#input\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no | | [lambda\_tags](#input\_lambda\_tags) | A map of tags to apply to the forwarder lambda function | `map(string)` | `{}` | no | | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to the forwarder lambda | `list(string)` | `[]` | no | 
@@ -112,7 +112,7 @@ module "datadog_log_forwarder" { | [role\_path](#input\_role\_path) | Forwarder role path | `string` | `null` | no | | [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the forwarder role | `string` | `null` | no | | [role\_tags](#input\_role\_tags) | A map of tags to apply to the forwarder role | `map(string)` | `{}` | no | -| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.11"` | no | +| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | | [s3\_log\_bucket\_arns](#input\_s3\_log\_bucket\_arns) | S3 log buckets for forwarder to read and forward logs to Datadog | `list(string)` | `[]` | no | | [s3\_zip\_kms\_key\_id](#input\_s3\_zip\_kms\_key\_id) | The AWS KMS Key ARN to use for object encryption | `string` | `null` | no | | [s3\_zip\_metadata](#input\_s3\_zip\_metadata) | A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-` | `map(string)` | `{}` | no | diff --git a/modules/log_forwarder/main.tf b/modules/log_forwarder/main.tf index ea18b9e..eed1c2d 100644 --- a/modules/log_forwarder/main.tf +++ b/modules/log_forwarder/main.tf @@ -1,5 +1,5 @@ locals { - bucket_name = var.bucket_name != "" ? var.bucket_name : "datadog-forwarder-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}" + bucket_name = var.bucket_name != "" ? var.bucket_name : "datadog-forwarder-${data.aws_caller_identity.current[0].account_id}-${data.aws_region.current[0].region}" dd_api_key = var.dd_api_key != "" ? { DD_API_KEY = var.dd_api_key } : {} dd_api_key_secret_arn = var.dd_api_key_secret_arn != "" ? { DD_API_KEY_SECRET_ARN = var.dd_api_key_secret_arn } : {} 
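Review bot: The fallback branch of `local.bucket_name` now indexes `data.aws_caller_identity.current[0]` and `data.aws_region.current[0]`, and the next hunk gives both data sources `count = var.create ? 1 : 0`, so they are empty when `create = false`. With `bucket_name` left at its documented default `""` that fallback is the branch selected, and `bucket = local.bucket_name` on `module.this_s3_bucket` is still evaluated, so a disabled module is likely to fail the plan with an invalid-index error rather than create nothing. Guarding the lookups keeps the disabled path inert, for example `account_id = try(data.aws_caller_identity.current[0].account_id, "")` and `region = try(data.aws_region.current[0].region, "")` as locals that the string then interpolates. The same `[0]` references are added in `aws_lambda_permission.cloudwatch` and `aws_lambda_permission.s3`; those are safe only if the resources carry a matching `count`, which is outside the visible hunks. The `locals` block continues past this hunk.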
@@ -15,8 +15,12 @@ locals { forwarder_zip = "${path.module}/${local.zip_name}" } -data "aws_caller_identity" "current" {} -data "aws_region" "current" {} +data "aws_caller_identity" "current" { + count = var.create ? 1 : 0 +} +data "aws_region" "current" { + count = var.create ? 1 : 0 +} ################################################################################ # Forwarder Bucket @@ -24,7 +28,7 @@ data "aws_region" "current" {} module "this_s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "v3.6.1" + version = "v5.2.0" create_bucket = var.create && var.create_bucket bucket = local.bucket_name @@ -54,7 +58,13 @@ module "this_s3_bucket" { # Forwarder IAM Role ################################################################################ +locals { + create_role = var.create && var.create_role +} + data "aws_iam_policy_document" "this" { + count = local.create_role ? 1 : 0 + statement { actions = [ "sts:AssumeRole", @@ -68,14 +78,14 @@ data "aws_iam_policy_document" "this" { } resource "aws_iam_role" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 name = var.use_role_name_prefix ? null : local.role_name name_prefix = var.use_role_name_prefix ? "${local.role_name}-" : null description = local.description path = var.role_path - assume_role_policy = data.aws_iam_policy_document.this.json + assume_role_policy = data.aws_iam_policy_document.this[0].json max_session_duration = var.role_max_session_duration permissions_boundary = var.role_permissions_boundary force_detach_policies = true @@ -84,7 +94,7 @@ resource "aws_iam_role" "this" { } resource "aws_iam_policy" "this" { - count = var.create && var.create_role_policy ? 1 : 0 + count = local.create_role && var.create_role_policy ? 1 : 0 name = var.use_policy_name_prefix ? null : local.policy_name name_prefix = var.use_policy_name_prefix ? "${local.policy_name}-" : null 
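Review bot: In the `aws_iam_policy.this` hunk the count changes from `var.create && var.create_role_policy` to `local.create_role && var.create_role_policy`, so a caller who sets `create_role = false` (presumably to attach an existing role) no longer gets the forwarder policy created, and nothing visible tells them so. If that is intended, the `create_role_policy` variable description should say it, for example `"Controls whether an IAM role policy is created for the forwarder; ignored when create_role is false"`. A one-line comment on the new `locals` block, `# Role, trust policy document, policy and attachment are all gated on this flag`, would also make the coupling visible where it is defined. The policy resource body continues outside the hunk.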
@@ -106,7 +116,7 @@ resource "aws_iam_policy" "this" { } resource "aws_iam_role_policy_attachment" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 role = aws_iam_role.this[0].id policy_arn = var.create_role_policy ? aws_iam_policy.this[0].id : var.policy_arn @@ -205,8 +215,8 @@ resource "aws_lambda_permission" "cloudwatch" { statement_id = "datadog-forwarder-CloudWatchLogsPermission" action = "lambda:InvokeFunction" function_name = aws_lambda_function.this[0].function_name - principal = "logs.${data.aws_region.current.name}.amazonaws.com" - source_account = data.aws_caller_identity.current.account_id + principal = "logs.${data.aws_region.current[0].region}.amazonaws.com" + source_account = data.aws_caller_identity.current[0].account_id } resource "aws_lambda_permission" "s3" { @@ -216,7 +226,7 @@ resource "aws_lambda_permission" "s3" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.this[0].function_name principal = "s3.amazonaws.com" - source_account = data.aws_caller_identity.current.account_id + source_account = data.aws_caller_identity.current[0].account_id } resource "aws_cloudwatch_log_group" "this" { diff --git a/modules/log_forwarder/variables.tf b/modules/log_forwarder/variables.tf index 62a35e9..3a27385 100644 --- a/modules/log_forwarder/variables.tf +++ b/modules/log_forwarder/variables.tf @@ -194,7 +194,7 @@ variable "s3_log_bucket_arns" { variable "forwarder_version" { description = "Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "name" { @@ -206,7 +206,7 @@ variable "name" { variable "runtime" { description = "Lambda function runtime" type = string - default = "python3.11" + default = "python3.12" } variable "layers" { 
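Review bot: `aws_lambda_permission.s3` in the `@@ -216,7 +226,7` hunk still scopes the `s3.amazonaws.com` principal by `source_account` only, so any bucket owned by the account can invoke the forwarder, not just the buckets it is meant to read. The module already takes `s3_log_bucket_arns`, so the grant could be narrowed per bucket with `for_each = toset(var.s3_log_bucket_arns)` and `source_arn = each.value`, keeping `source_account` alongside it; each instance would then need its own `statement_id`. If account-wide invocation is deliberate, a comment above the resource saying so would save the next reviewer the question. The resource's `count` and `statement_id` lines are outside the hunk, so whether this fits the existing resource addressing is not visible here.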
@@ -234,9 +234,9 @@ variable "publish" { } variable "architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "reserved_concurrent_executions" { diff --git a/modules/log_forwarder/versions.tf b/modules/log_forwarder/versions.tf index c3628d3..d64828e 100644 --- a/modules/log_forwarder/versions.tf +++ b/modules/log_forwarder/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } null = { source = "hashicorp/null" diff --git a/modules/rds_enhanced_monitoring_forwarder/README.md b/modules/rds_enhanced_monitoring_forwarder/README.md index 8810861..7d0ffc8 100644 --- a/modules/rds_enhanced_monitoring_forwarder/README.md +++ b/modules/rds_enhanced_monitoring_forwarder/README.md @@ -29,14 +29,14 @@ module "datadog_rds_enhanced_monitoring_forwarder" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules @@ -60,7 +60,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
"sse_algorithm": "AES256"
}
[| no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [create](#input\_create) | Controls whether the forwarder resources should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether an IAM role is created for the forwarder | `bool` | `true` | no | | [create\_role\_policy](#input\_create\_role\_policy) | Controls whether an IAM role policy is created for the forwarder | `bool` | `true` | no | @@ -68,7 +68,7 @@ No modules. | [dd\_api\_key\_secret\_arn](#input\_dd\_api\_key\_secret\_arn) | The ARN of the Secrets Manager secret storing the Datadog API key, if you already have it stored in Secrets Manager | `string` | `""` | no | | [dd\_site](#input\_dd\_site) | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no | | [environment\_variables](#input\_environment\_variables) | A map of environment variables for the forwarder lambda function | `map(string)` | `{}` | no | -| [forwarder\_version](#input\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [forwarder\_version](#input\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no | | [lambda\_tags](#input\_lambda\_tags) | A map of tags to apply to the forwarder lambda function | `map(string)` | `{}` | no | | [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to the forwarder lambda | `list(string)` | `[]` | no | 
@@ -82,14 +82,14 @@ No modules. | [publish](#input\_publish) | Whether to publish creation/change as a new Lambda Function Version | `bool` | `false` | no | | [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for the forwarder lambda function | `number` | `10` | no | | [role\_arn](#input\_role\_arn) | IAM role arn for forwarder lambda function to utilize | `string` | `null` | no | -| [role\_max\_session\_duration](#input\_role\_max\_session\_duration) | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | `number` | `null` | no | +| [role\_max\_session\_duration](#input\_role\_max\_session\_duration) | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours | `number` | `null` | no | | [role\_name](#input\_role\_name) | Forwarder role name | `string` | `""` | no | | [role\_path](#input\_role\_path) | Forwarder role path | `string` | `null` | no | -| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the forwarder role. 
| `string` | `null` | no | +| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the forwarder role | `string` | `null` | no | | [role\_tags](#input\_role\_tags) | A map of tags to apply to the forwarder role | `map(string)` | `{}` | no | -| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.11"` | no | -| [security\_group\_ids](#input\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no | -| [subnet\_ids](#input\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no | +| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | +| [security\_group\_ids](#input\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC | `list(string)` | `null` | no | +| [subnet\_ids](#input\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets | `list(string)` | `null` | no | | [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no | | [timeout](#input\_timeout) | The amount of time the forwarder lambda has to execute in seconds | `number` | `10` | no | | [use\_policy\_name\_prefix](#input\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `policy_name` for the forwarder policy | `bool` | `false` | no | diff --git a/modules/rds_enhanced_monitoring_forwarder/main.tf b/modules/rds_enhanced_monitoring_forwarder/main.tf index d1a5e79..adc5612 100644 --- a/modules/rds_enhanced_monitoring_forwarder/main.tf +++ b/modules/rds_enhanced_monitoring_forwarder/main.tf 
@@ -9,14 +9,24 @@ locals { policy_name = coalesce(var.policy_name, var.name) } -data "aws_caller_identity" "current" {} -data "aws_region" "current" {} +data "aws_caller_identity" "current" { + count = var.create ? 1 : 0 +} +data "aws_region" "current" { + count = var.create ? 1 : 0 +} ################################################################################ # Forwarder IAM Role ################################################################################ +locals { + create_role = var.create && var.create_role +} + data "aws_iam_policy_document" "this" { + count = local.create_role ? 1 : 0 + statement { actions = [ "sts:AssumeRole", @@ -30,14 +40,14 @@ data "aws_iam_policy_document" "this" { } resource "aws_iam_role" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 name = var.use_role_name_prefix ? null : local.role_name name_prefix = var.use_role_name_prefix ? "${local.role_name}-" : null description = local.description path = var.role_path - assume_role_policy = data.aws_iam_policy_document.this.json + assume_role_policy = data.aws_iam_policy_document.this[0].json max_session_duration = var.role_max_session_duration permissions_boundary = var.role_permissions_boundary force_detach_policies = true @@ -46,7 +56,7 @@ resource "aws_iam_role" "this" { } resource "aws_iam_policy" "this" { - count = var.create && var.create_role_policy ? 1 : 0 + count = local.create_role && var.create_role_policy ? 1 : 0 name = var.use_policy_name_prefix ? null : local.policy_name name_prefix = var.use_policy_name_prefix ? "${local.policy_name}-" : null @@ -65,7 +75,7 @@ resource "aws_iam_policy" "this" { } resource "aws_iam_role_policy_attachment" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 role = aws_iam_role.this[0].id policy_arn = var.create_role_policy ? aws_iam_policy.this[0].id : var.policy_arn 
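Review bot: `aws_iam_policy.this` is now gated on `local.create_role && var.create_role_policy`, where it previously needed only `var.create`, so a caller who sets `create_role = false` and passes their own `role_arn` no longer gets the policy created. If that is intended, the `create_role_policy` description should say so, for example `Controls whether an IAM role policy is created for the forwarder (only when create_role is true)`. Any output or reference outside this hunk that indexes `aws_iam_policy.this[0]` would need the same guard. The same change appears in modules/vpc_flow_log_forwarder/main.tf.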
@@ -124,7 +134,7 @@ resource "aws_lambda_permission" "cloudwatch" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.this[0].function_name principal = "logs.amazonaws.com" - source_arn = "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:RDSOSMetrics:*" + source_arn = "arn:aws:logs:${data.aws_region.current[0].region}:${data.aws_caller_identity.current[0].account_id}:log-group:RDSOSMetrics:*" } resource "aws_cloudwatch_log_group" "this" { diff --git a/modules/rds_enhanced_monitoring_forwarder/variables.tf b/modules/rds_enhanced_monitoring_forwarder/variables.tf index 3ccb072..4497fc0 100644 --- a/modules/rds_enhanced_monitoring_forwarder/variables.tf +++ b/modules/rds_enhanced_monitoring_forwarder/variables.tf @@ -61,13 +61,13 @@ variable "role_path" { } variable "role_max_session_duration" { - description = "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours." + description = "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours" type = number default = null } variable "role_permissions_boundary" { - description = "The ARN of the policy that is used to set the permissions boundary for the forwarder role." + description = "The ARN of the policy that is used to set the permissions boundary for the forwarder role" type = string default = null } @@ -112,7 +112,7 @@ variable "policy_path" { variable "forwarder_version" { description = "Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "name" { 
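Review bot: The rewritten `source_arn` still hard-codes the `aws` partition in `arn:aws:logs:...`, so in GovCloud or China partitions the ARN would not match the RDSOSMetrics log group and the invoke permission would not take effect as written. Reading the partition from a `data "aws_partition" "current"` source and using `arn:${data.aws_partition.current[0].partition}:logs:...` keeps the scoping portable. The new `[0]` indexes also assume this resource carries the same `var.create` count as the data sources. Its `count` line is outside the hunk, so that is worth confirming.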
@@ -124,7 +124,7 @@ variable "name" { variable "runtime" { description = "Lambda function runtime" type = string - default = "python3.11" + default = "python3.12" } variable "layers" { @@ -152,9 +152,9 @@ variable "publish" { } variable "architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "reserved_concurrent_executions" { @@ -170,13 +170,13 @@ variable "kms_key_arn" { } variable "subnet_ids" { - description = "List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets." + description = "List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets" type = list(string) default = null } variable "security_group_ids" { - description = "List of security group ids when Lambda Function should run in the VPC." + description = "List of security group ids when Lambda Function should run in the VPC" type = list(string) default = null } diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.131.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.131.0.zip new file mode 100644 index 0000000..77a06c2 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.131.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.132.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.132.0.zip new file mode 100644 index 0000000..77a06c2 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.132.0.zip differ 
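Review bot: The `architectures` default flips from `["x86_64"]` to `["arm64"]` with no validation, which will break callers who pass x86_64-only `layers` and rely on the default. The description lists the valid values, but nothing enforces them. A `validation` block with `condition = length(var.architectures) == 1 && contains(["x86_64", "arm64"], var.architectures[0])` would reject a typo at plan time. A note in the description that layers must match the chosen architecture would help on upgrade. The same default change is made in modules/vpc_flow_log_forwarder/variables.tf and the root variables.tf.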
diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.133.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.133.0.zip new file mode 100644 index 0000000..f764461 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.133.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.134.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.134.0.zip new file mode 100644 index 0000000..f764461 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/3.134.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.0.zip new file mode 100644 index 0000000..dc423cb Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.1.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.1.zip new file mode 100644 index 0000000..dc423cb Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.1.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.2.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.2.zip new file mode 100644 index 0000000..dc423cb Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.0.2.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.1.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.1.0.zip new file mode 100644 index 0000000..38dbf34 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.1.0.zip differ 
diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.10.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.10.0.zip new file mode 100644 index 0000000..5fc89f3 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.10.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.11.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.11.0.zip new file mode 100644 index 0000000..79ab71a Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.11.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.12.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.12.0.zip new file mode 100644 index 0000000..79ab71a Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.12.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.2.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.2.0.zip new file mode 100644 index 0000000..38dbf34 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.2.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.3.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.3.0.zip new file mode 100644 index 0000000..7c593d9 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.3.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.4.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.4.0.zip new file mode 100644 index 0000000..7c593d9 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.4.0.zip differ 
diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.5.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.5.0.zip new file mode 100644 index 0000000..7c593d9 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.5.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.6.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.6.0.zip new file mode 100644 index 0000000..66a58c8 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.6.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.7.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.7.0.zip new file mode 100644 index 0000000..66a58c8 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.7.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.8.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.8.0.zip new file mode 100644 index 0000000..66a58c8 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.8.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.9.0.zip b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.9.0.zip new file mode 100644 index 0000000..5fc89f3 Binary files /dev/null and b/modules/rds_enhanced_monitoring_forwarder/vendored_archives/4.9.0.zip differ diff --git a/modules/rds_enhanced_monitoring_forwarder/versions.tf b/modules/rds_enhanced_monitoring_forwarder/versions.tf index 29ec41d..db13b0a 100644 --- a/modules/rds_enhanced_monitoring_forwarder/versions.tf +++ b/modules/rds_enhanced_monitoring_forwarder/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } } } 
diff --git a/modules/vpc_flow_log_forwarder/README.md b/modules/vpc_flow_log_forwarder/README.md index 570b416..8023254 100644 --- a/modules/vpc_flow_log_forwarder/README.md +++ b/modules/vpc_flow_log_forwarder/README.md @@ -29,14 +29,14 @@ module "datadog_vpc_flow_log_forwarder" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules @@ -64,7 +64,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` |
"arm64"
]
[| no | +| [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["arm64"]` | `list(string)` |
"x86_64"
]
[| no | | [create](#input\_create) | Controls whether the forwarder resources should be created | `bool` | `true` | no | | [create\_role](#input\_create\_role) | Controls whether an IAM role is created for the forwarder | `bool` | `true` | no | | [create\_role\_policy](#input\_create\_role\_policy) | Controls whether an IAM role policy is created for the forwarder | `bool` | `true` | no | @@ -72,7 +72,7 @@ No modules. | [dd\_app\_key](#input\_dd\_app\_key) | The Datadog application key associated with the user account that created it, which can be found from the APIs page | `string` | `""` | no | | [dd\_site](#input\_dd\_site) | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no | | [environment\_variables](#input\_environment\_variables) | A map of environment variables for the forwarder lambda function | `map(string)` | `{}` | no | -| [forwarder\_version](#input\_forwarder\_version) | VPC flow log monitoring version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.130.0"` | no | +| [forwarder\_version](#input\_forwarder\_version) | VPC flow log monitoring version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"4.12.0"` | no | | [kms\_alias](#input\_kms\_alias) | Alias of KMS key used to encrypt the Datadog API keys - must start with `alias/` | `string` | n/a | yes | | [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no | | [lambda\_tags](#input\_lambda\_tags) | A map of tags to apply to the forwarder lambda function | `map(string)` | `{}` | no | 
@@ -93,7 +93,7 @@ No modules. | [role\_path](#input\_role\_path) | Forwarder role path | `string` | `null` | no | | [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the forwarder role | `string` | `null` | no | | [role\_tags](#input\_role\_tags) | A map of tags to apply to the forwarder role | `map(string)` | `{}` | no | -| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.11"` | no | +| [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.12"` | no | | [s3\_log\_bucket\_arns](#input\_s3\_log\_bucket\_arns) | S3 log buckets for forwarder to read and forward VPC flow logs to Datadog | `list(string)` | `[]` | no | | [security\_group\_ids](#input\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC | `list(string)` | `null` | no | | [subnet\_ids](#input\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets | `list(string)` | `null` | no | diff --git a/modules/vpc_flow_log_forwarder/main.tf b/modules/vpc_flow_log_forwarder/main.tf index e3df5d8..a3d30fe 100644 --- a/modules/vpc_flow_log_forwarder/main.tf +++ b/modules/vpc_flow_log_forwarder/main.tf @@ -15,15 +15,24 @@ EOF EOF } -data "aws_caller_identity" "current" {} - -data "aws_region" "current" {} +data "aws_caller_identity" "current" { + count = var.create ? 1 : 0 +} +data "aws_region" "current" { + count = var.create ? 1 : 0 +} ################################################################################ # Forwarder IAM Role ################################################################################ +locals { + create_role = var.create && var.create_role +} + data "aws_iam_policy_document" "this" { + count = local.create_role ? 1 : 0 + statement { actions = [ "sts:AssumeRole", 
@@ -37,14 +46,14 @@ data "aws_iam_policy_document" "this" { } resource "aws_iam_role" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 name = var.use_role_name_prefix ? null : local.role_name name_prefix = var.use_role_name_prefix ? "${local.role_name}-" : null description = local.description path = var.role_path - assume_role_policy = data.aws_iam_policy_document.this.json + assume_role_policy = data.aws_iam_policy_document.this[0].json max_session_duration = var.role_max_session_duration permissions_boundary = var.role_permissions_boundary force_detach_policies = true @@ -53,7 +62,7 @@ resource "aws_iam_role" "this" { } resource "aws_iam_policy" "this" { - count = var.create && var.create_role_policy ? 1 : 0 + count = local.create_role && var.create_role_policy ? 1 : 0 name = var.use_policy_name_prefix ? null : local.policy_name name_prefix = var.use_policy_name_prefix ? "${local.policy_name}-" : null @@ -74,7 +83,7 @@ resource "aws_iam_policy" "this" { } resource "aws_iam_role_policy_attachment" "this" { - count = var.create && var.create_role ? 1 : 0 + count = local.create_role ? 1 : 0 role = aws_iam_role.this[0].id policy_arn = var.create_role_policy ? aws_iam_policy.this[0].id : var.policy_arn @@ -131,8 +140,8 @@ resource "aws_lambda_permission" "cloudwatch" { statement_id = "datadog-forwarder-CloudWatchLogsPermission" action = "lambda:InvokeFunction" function_name = aws_lambda_function.this[0].function_name - principal = "logs.${data.aws_region.current.name}.amazonaws.com" - source_account = data.aws_caller_identity.current.account_id + principal = "logs.${data.aws_region.current[0].region}.amazonaws.com" + source_account = data.aws_caller_identity.current[0].account_id } resource "aws_lambda_permission" "s3" { 
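Review bot: `aws_lambda_permission.cloudwatch` is constrained only by `source_account`, so any CloudWatch Logs log group in the account can invoke the forwarder; no `source_arn` is visible in the hunk. The `aws_lambda_permission.s3` hunk that follows (`@@ -142,7 +151,7 @@`) has the same shape with `principal = "s3.amazonaws.com"`. Keeping `source_account` and adding a `source_arn` narrows the invoke grant to the intended sources. For S3 that could be one permission per entry of `var.s3_log_bucket_arns`. Both resources start outside their hunks, so an existing `source_arn` or `count` above the visible lines cannot be ruled out.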
@@ -142,7 +151,7 @@ resource "aws_lambda_permission" "s3" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.this[0].function_name principal = "s3.amazonaws.com" - source_account = data.aws_caller_identity.current.account_id + source_account = data.aws_caller_identity.current[0].account_id } resource "aws_cloudwatch_log_group" "this" { diff --git a/modules/vpc_flow_log_forwarder/variables.tf b/modules/vpc_flow_log_forwarder/variables.tf index 3c1c5cf..bfd61e9 100644 --- a/modules/vpc_flow_log_forwarder/variables.tf +++ b/modules/vpc_flow_log_forwarder/variables.tf @@ -129,7 +129,7 @@ variable "read_cloudwatch_logs" { variable "forwarder_version" { description = "VPC flow log monitoring version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "name" { @@ -141,7 +141,7 @@ variable "name" { variable "runtime" { description = "Lambda function runtime" type = string - default = "python3.11" + default = "python3.12" } variable "layers" { @@ -169,9 +169,9 @@ variable "publish" { } variable "architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "reserved_concurrent_executions" { diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/3.131.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/3.131.0.zip new file mode 100644 index 0000000..3946ac4 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/3.131.0.zip differ 
diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/3.132.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/3.132.0.zip new file mode 100644 index 0000000..319a079 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/3.132.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/3.133.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/3.133.0.zip new file mode 100644 index 0000000..319a079 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/3.133.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/3.134.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/3.134.0.zip new file mode 100644 index 0000000..319a079 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/3.134.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.0.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.0.zip new file mode 100644 index 0000000..46f3d7b Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.0.1.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.1.zip new file mode 100644 index 0000000..46f3d7b Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.1.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.0.2.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.2.zip new file mode 100644 index 0000000..003f923 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.0.2.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.1.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.1.0.zip new file mode 100644 index 0000000..003f923 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.1.0.zip differ 
diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.10.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.10.0.zip new file mode 100644 index 0000000..0f9c360 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.10.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.11.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.11.0.zip new file mode 100644 index 0000000..0a1aa06 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.11.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.12.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.12.0.zip new file mode 100644 index 0000000..0a1aa06 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.12.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.2.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.2.0.zip new file mode 100644 index 0000000..003f923 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.2.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.3.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.3.0.zip new file mode 100644 index 0000000..8c0c705 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.3.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.4.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.4.0.zip new file mode 100644 index 0000000..8c0c705 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.4.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.5.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.5.0.zip new file mode 100644 index 0000000..40c462a Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.5.0.zip differ 
diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.6.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.6.0.zip new file mode 100644 index 0000000..40c462a Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.6.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.7.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.7.0.zip new file mode 100644 index 0000000..40c462a Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.7.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.8.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.8.0.zip new file mode 100644 index 0000000..0f9c360 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.8.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/vendored_archives/4.9.0.zip b/modules/vpc_flow_log_forwarder/vendored_archives/4.9.0.zip new file mode 100644 index 0000000..0f9c360 Binary files /dev/null and b/modules/vpc_flow_log_forwarder/vendored_archives/4.9.0.zip differ diff --git a/modules/vpc_flow_log_forwarder/versions.tf b/modules/vpc_flow_log_forwarder/versions.tf index 29ec41d..db13b0a 100644 --- a/modules/vpc_flow_log_forwarder/versions.tf +++ b/modules/vpc_flow_log_forwarder/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } } } diff --git a/variables.tf b/variables.tf index 7177883..3ac2096 100644 --- a/variables.tf +++ b/variables.tf @@ -199,7 +199,7 @@ variable "log_forwarder_s3_log_bucket_arns" { variable "log_forwarder_version" { description = "Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "create_log_forwarder" { 
@@ -217,7 +217,7 @@ variable "log_forwarder_name" { variable "log_forwarder_runtime" { description = "Lambda function runtime" type = string - default = "python3.11" + default = "python3.12" } variable "log_forwarder_layers" { @@ -245,9 +245,9 @@ variable "log_forwarder_publish" { } variable "log_forwarder_architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "log_forwarder_reserved_concurrent_executions" { @@ -387,7 +387,7 @@ variable "rds_em_forwarder_policy_path" { variable "rds_em_forwarder_version" { description = "RDS enhanced monitoring lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "create_rds_em_forwarder" { @@ -405,7 +405,7 @@ variable "rds_em_forwarder_name" { variable "rds_em_forwarder_runtime" { description = "Lambda function runtime" type = string - default = "python3.8" + default = "python3.12" } variable "rds_em_forwarder_layers" { @@ -433,9 +433,9 @@ variable "rds_em_forwarder_publish" { } variable "rds_em_forwarder_architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "rds_em_forwarder_reserved_concurrent_executions" { 
@@ -587,7 +587,7 @@ variable "vpc_fl_forwarder_read_cloudwatch_logs" { variable "vpc_fl_forwarder_version" { description = "VPC flow log lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases" type = string - default = "3.130.0" + default = "4.12.0" } variable "create_vpc_fl_forwarder" { @@ -605,7 +605,7 @@ variable "vpc_fl_forwarder_name" { variable "vpc_fl_forwarder_runtime" { description = "Lambda function runtime" type = string - default = "python3.8" + default = "python3.12" } variable "vpc_fl_forwarder_layers" { @@ -633,9 +633,9 @@ variable "vpc_fl_forwarder_publish" { } variable "vpc_fl_forwarder_architectures" { - description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`" + description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"arm64\"]`" type = list(string) - default = ["x86_64"] + default = ["arm64"] } variable "vpc_fl_forwarder_reserved_concurrent_executions" { diff --git a/vendor.sh b/vendor.sh index fff96f6..0a1dfda 100755 --- a/vendor.sh +++ b/vendor.sh @@ -5,7 +5,7 @@ cd $(dirname $0) BASE_URL='https://raw.githubusercontent.com/DataDog/datadog-serverless-functions' REFS_URL='https://api.github.com/repos/DataDog/datadog-serverless-functions/git/refs/tags' -for VERSION in $(curl $REFS_URL | jq '.[].ref' | grep -o '3\.[0-9]*\.[0-9]') +for VERSION in $(curl $REFS_URL | jq '.[].ref' | grep -o '4\.[0-9]*\.[0-9]') do rds_enhanced_monitoring="${BASE_URL}/aws-dd-forwarder-${VERSION}/aws/rds_enhanced_monitoring/lambda_function.py" vpc_flow_log_monitoring="${BASE_URL}/aws-dd-forwarder-${VERSION}/aws/vpc_flow_log_monitoring/lambda_function.py" diff --git a/versions.tf b/versions.tf index 29ec41d..db13b0a 100644 --- a/versions.tf +++ b/versions.tf 
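Review bot: In vendor.sh the filter `grep -o '4\.[0-9]*\.[0-9]'` is unanchored and accepts only one digit for the patch component, so a tag such as 4.12.10 would be vendored as 4.12.1 and any other ref containing the pattern would match too. Matching the whole ref is tighter: `jq -r '.[].ref' | sed -n 's|^refs/tags/aws-dd-forwarder-\(4\.[0-9][0-9]*\.[0-9][0-9]*\)$|\1|p'`. `curl $REFS_URL` also runs unquoted and without `--fail`, so an API error or rate-limit response is not reported as a failure; `curl -fsS "$REFS_URL"` stops the script there. Because the output is committed as opaque zip archives built from code fetched by tag name, recording a SHA-256 per fetched file next to the archives would let a reviewer verify them. The loop body continues outside the hunk, so any check done there is not visible.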
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.0" } } }
"arm64"
]