feat: Add support for using container definition CloudWatch log group name as prefix (#126)

bryantbiggs · web-flow · commit cf4101ea7c4c · 2023-10-30T11:41:23.000-04:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.3
+    rev: v1.83.5
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
diff --git a/modules/container-definition/README.md b/modules/container-definition/README.md
@@ -141,6 +141,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default is 30 days | `number` | `30` | no |
+| <a name="input_cloudwatch_log_group_use_name_prefix"></a> [cloudwatch\_log\_group\_use\_name\_prefix](#input\_cloudwatch\_log\_group\_use\_name\_prefix) | Determines whether the log group name should be used as a prefix | `bool` | `false` | no |
 | <a name="input_command"></a> [command](#input\_command) | The command that's passed to the container | `list(string)` | `[]` | no |
 | <a name="input_cpu"></a> [cpu](#input\_cpu) | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of `cpu` of all containers in a task will need to be lower than the task-level cpu value | `number` | `null` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
diff --git a/modules/container-definition/main.tf b/modules/container-definition/main.tf
@@ -3,6 +3,8 @@ data "aws_region" "current" {}
 locals {
   is_not_windows = contains(["LINUX"], var.operating_system_family)
 
+  log_group_name = "/aws/ecs/${var.service}/${var.name}"
+
   log_configuration = merge(
     { for k, v in {
       logDriver = "awslogs",
@@ -64,7 +66,8 @@ locals {
 resource "aws_cloudwatch_log_group" "this" {
   count = var.create_cloudwatch_log_group && var.enable_cloudwatch_logging ? 1 : 0
 
-  name              = "/aws/ecs/${var.service}/${var.name}"
+  name              = var.cloudwatch_log_group_use_name_prefix ? null : local.log_group_name
+  name_prefix       = var.cloudwatch_log_group_use_name_prefix ? "${local.log_group_name}-" : null
   retention_in_days = var.cloudwatch_log_group_retention_in_days
   kms_key_id        = var.cloudwatch_log_group_kms_key_id
 
diff --git a/modules/container-definition/variables.tf b/modules/container-definition/variables.tf
@@ -286,6 +286,12 @@ variable "create_cloudwatch_log_group" {
   default     = true
 }
 
+variable "cloudwatch_log_group_use_name_prefix" {
+  description = "Determines whether the log group name should be used as a prefix"
+  type        = bool
+  default     = false
+}
+
 variable "cloudwatch_log_group_retention_in_days" {
   description = "Number of days to retain log events. Default is 30 days"
   type        = number
diff --git a/modules/service/main.tf b/modules/service/main.tf
@@ -572,6 +572,7 @@ module "container_definition" {
   service                                = var.name
   enable_cloudwatch_logging              = try(each.value.enable_cloudwatch_logging, var.container_definition_defaults.enable_cloudwatch_logging, true)
   create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, var.container_definition_defaults.create_cloudwatch_log_group, true)
+  cloudwatch_log_group_use_name_prefix   = try(each.value.cloudwatch_log_group_use_name_prefix, var.container_definition_defaults.cloudwatch_log_group_use_name_prefix, false)
   cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.container_definition_defaults.cloudwatch_log_group_retention_in_days, 14)
   cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.container_definition_defaults.cloudwatch_log_group_kms_key_id, null)
 
diff --git a/wrappers/cluster/main.tf b/wrappers/cluster/main.tf
@@ -3,32 +3,32 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                = try(each.value.create, var.defaults.create, true)
-  tags                  = try(each.value.tags, var.defaults.tags, {})
-  cluster_name          = try(each.value.cluster_name, var.defaults.cluster_name, "")
-  cluster_configuration = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  autoscaling_capacity_providers         = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
+  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
+  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
+  cloudwatch_log_group_tags              = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  cluster_configuration                  = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  cluster_name                           = try(each.value.cluster_name, var.defaults.cluster_name, "")
+  cluster_service_connect_defaults       = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
   cluster_settings = try(each.value.cluster_settings, var.defaults.cluster_settings, {
     name  = "containerInsights"
     value = "enabled"
   })
-  cluster_service_connect_defaults        = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
+  create                                  = try(each.value.create, var.defaults.create, true)
   create_cloudwatch_log_group             = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_retention_in_days  = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
-  cloudwatch_log_group_kms_key_id         = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
-  cloudwatch_log_group_tags               = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
   default_capacity_provider_use_fargate   = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
   fargate_capacity_providers              = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
-  autoscaling_capacity_providers          = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
-  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  tags                                    = try(each.value.tags, var.defaults.tags, {})
+  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_name                 = try(each.value.task_exec_iam_role_name, var.defaults.task_exec_iam_role_name, null)
-  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_role_path                 = try(each.value.task_exec_iam_role_path, var.defaults.task_exec_iam_role_path, null)
-  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_permissions_boundary = try(each.value.task_exec_iam_role_permissions_boundary, var.defaults.task_exec_iam_role_permissions_boundary, null)
-  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
   task_exec_iam_role_policies             = try(each.value.task_exec_iam_role_policies, var.defaults.task_exec_iam_role_policies, {})
-  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
-  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
-  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
+  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_statements                = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {})
+  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
 }
diff --git a/wrappers/container-definition/main.tf b/wrappers/container-definition/main.tf
@@ -3,15 +3,19 @@ module "wrapper" {
 
   for_each = var.items
 
-  operating_system_family                = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
+  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
+  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
+  cloudwatch_log_group_use_name_prefix   = try(each.value.cloudwatch_log_group_use_name_prefix, var.defaults.cloudwatch_log_group_use_name_prefix, false)
   command                                = try(each.value.command, var.defaults.command, [])
   cpu                                    = try(each.value.cpu, var.defaults.cpu, null)
+  create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
   dependencies                           = try(each.value.dependencies, var.defaults.dependencies, [])
   disable_networking                     = try(each.value.disable_networking, var.defaults.disable_networking, null)
   dns_search_domains                     = try(each.value.dns_search_domains, var.defaults.dns_search_domains, [])
   dns_servers                            = try(each.value.dns_servers, var.defaults.dns_servers, [])
   docker_labels                          = try(each.value.docker_labels, var.defaults.docker_labels, {})
   docker_security_options                = try(each.value.docker_security_options, var.defaults.docker_security_options, [])
+  enable_cloudwatch_logging              = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
   entrypoint                             = try(each.value.entrypoint, var.defaults.entrypoint, [])
   environment                            = try(each.value.environment, var.defaults.environment, [])
   environment_files                      = try(each.value.environment_files, var.defaults.environment_files, [])
@@ -29,24 +33,21 @@ module "wrapper" {
   memory_reservation                     = try(each.value.memory_reservation, var.defaults.memory_reservation, null)
   mount_points                           = try(each.value.mount_points, var.defaults.mount_points, [])
   name                                   = try(each.value.name, var.defaults.name, null)
+  operating_system_family                = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
   port_mappings                          = try(each.value.port_mappings, var.defaults.port_mappings, [])
   privileged                             = try(each.value.privileged, var.defaults.privileged, false)
   pseudo_terminal                        = try(each.value.pseudo_terminal, var.defaults.pseudo_terminal, false)
   readonly_root_filesystem               = try(each.value.readonly_root_filesystem, var.defaults.readonly_root_filesystem, true)
   repository_credentials                 = try(each.value.repository_credentials, var.defaults.repository_credentials, {})
   resource_requirements                  = try(each.value.resource_requirements, var.defaults.resource_requirements, [])
   secrets                                = try(each.value.secrets, var.defaults.secrets, [])
+  service                                = try(each.value.service, var.defaults.service, "")
   start_timeout                          = try(each.value.start_timeout, var.defaults.start_timeout, 30)
   stop_timeout                           = try(each.value.stop_timeout, var.defaults.stop_timeout, 120)
   system_controls                        = try(each.value.system_controls, var.defaults.system_controls, [])
+  tags                                   = try(each.value.tags, var.defaults.tags, {})
   ulimits                                = try(each.value.ulimits, var.defaults.ulimits, [])
   user                                   = try(each.value.user, var.defaults.user, null)
   volumes_from                           = try(each.value.volumes_from, var.defaults.volumes_from, [])
   working_directory                      = try(each.value.working_directory, var.defaults.working_directory, null)
-  service                                = try(each.value.service, var.defaults.service, "")
-  enable_cloudwatch_logging              = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
-  create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
-  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
-  tags                                   = try(each.value.tags, var.defaults.tags, {})
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf
