Enable log retention for cloudwatch log groups (#387)

yuriipolishchuk · max-rocket-internet · commit bf5dae00e185 · 2019-06-13T10:03:34.000+02:00
* enable log retention for cloudwatch log groups

* revert version bump

* set default retention to 90 days
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,8 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 - Added Termination Policy Option to worker ASGs (by @undeadops)
 - Update EBS optimized instances type (by @gloutsch)
+- Enable log retention for cloudwatch log groups (by @yuriipolishchuk)
+
 
 ### Changed
 
diff --git a/README.md b/README.md
@@ -114,6 +114,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | string | `"false"` | no |
 | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | string | `"true"` | no |
 | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no |
+| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days | string | `"90"` | no |
 | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
 | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `""` | no |
 | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `"1.12"` | no |
diff --git a/cluster.tf b/cluster.tf
@@ -1,3 +1,10 @@
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "/aws/eks/${var.cluster_name}/cluster"
+  retention_in_days = "${var.cluster_log_retention_in_days}"
+
+  count = "${length(var.cluster_enabled_log_types) > 0 ? 1 : 0}"
+}
+
 resource "aws_eks_cluster" "this" {
   name                      = "${var.cluster_name}"
   enabled_cluster_log_types = "${var.cluster_enabled_log_types}"
@@ -19,6 +26,7 @@ resource "aws_eks_cluster" "this" {
   depends_on = [
     "aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
     "aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
+    "aws_cloudwatch_log_group.this",
   ]
 }
 
diff --git a/variables.tf b/variables.tf
@@ -4,6 +4,11 @@ variable "cluster_enabled_log_types" {
   type        = "list"
 }
 
+variable "cluster_log_retention_in_days" {
+  default     = "90"
+  description = "Number of days to retain log events. Default retention - 90 days."
+}
+
 variable "cluster_name" {
   description = "Name of the EKS cluster. Also used as a prefix in names of related resources."
 }

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,11 @@ variable "cluster_enabled_log_types" {`
`4`	`4`	`type = "list"`
`5`	`5`	`}`
`6`	`6`
	`7`	`+variable "cluster_log_retention_in_days" {`
	`8`	`+ default = "90"`
	`9`	`+ description = "Number of days to retain log events. Default retention - 90 days."`
	`10`	`+}`
	`11`	`+`
`7`	`12`	`variable "cluster_name" {`
`8`	`13`	`description = "Name of the EKS cluster. Also used as a prefix in names of related resources."`
`9`	`14`	`}`