Feat: 🚀 Add example for ECR Cloudwatch dashboard (#7)

* feat: added example for ecr dashboard and did changes in readme

* feat: update terraform version to latest

* feat: update dynamic value for ecr dashboard body

* feat: added zip fileh and updated output in examples

---------

Co-authored-by: Anmol Nagpal <anmol@clouddrove.com>

.gitignore

@@ -1,8 +1,36 @@
-# ignored files
-*.tfstate
-*.tfstate.backup
-.terraform
 .idea
-*.iml
-go.sum
-*.terraform.lock.hcl
+
+#################################################################
+# Default .gitignore content for all terraform-aws-modules below
+#################################################################
+
+# Local .terraform directories
+**/.terraform/*
+
+# Terraform lockfile
+**/*.terraform.lock.hcl
+
+# .tfstate files
+**/*.tfstate
+**/*.tfstate.*
+**/*.tfplan
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+**/*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

README.yaml

@@ -40,77 +40,80 @@ include:
 # yamllint disable rule:line-length
 usage: |-
   Here are  the example of how you can use this module in your inventory structure:
-  ### Example
+  ### Complete Example
   ```hcl
-    provider "aws" {
-      region = "us-east-1"
+    locals {
+      name        = "dashboard"
+      environment = "test"
+      region      = "us-east-1"
     }
 
-    module "dashboard" {
-      source = "../../"
-      start  = "-PT4H"
-      widgets = [
-        {
-          height = 5
-          width  = 14      
-          y      = 19
-          x      = 10
+    ##-----------------------------------------------------------------------------
+    ## LAMBDA
+    ##-----------------------------------------------------------------------------
+    module "lambda" {
+      source  = "clouddrove/lambda/aws"
+      version = "1.3.1"
 
-          type = "metric"
-          properties = {
-            metrics = [
-                        [ "ContainerInsights", "pod_number_of_container_restarts", "PodName", "api", "ClusterName", "prod-xcheck-eks-cluster", "Namespace", "api-mbj" ],
-                        [ "...", "testing", ".", ".", ".", "testing" ],
-            ]
-            view                  = "pie"
-            stacked               = false
-            region                = "us-east-1"
-            liveData              = true        
-            title                 = "Number of container restarts"
-            period                = 300
-            setPeriodToTimeRange  = false,        
-            stat                  = "Average"
-            legend = {
-              "position": "bottom"
-            }
-            sparkline             = true
-            trend                 = true
-            labels = {
-              "visible": "true"
-            }        
-          }
-        },
-        {
-          height = 14
-          width  = 10     
-          y      = 5
-          x      = 0
+      name        = "${local.name}-lambda-function"
+      environment = local.environment
 
-          type = "metric"
-          properties = {
-            metrics = [
-                        [ "ContainerInsights", "pod_memory_utilization", "PodName", "api", "ClusterName", "test-xcheck-eks-cluster", "Namespace", "api-puj" ],
-                        [ "...", "api-test" ],
-            ]
-            view    = "pie"
-            region  = "us-east-1"
-            title   = "Tet pod Memory Utilization"
-            period  = 300
-            trend    = true
-            liveData = true
-            sparkline = true        
-            setPeriodToTimeRange = false,
-            labels = {
-              "visible": "true"
-            }
-          }
-        }
-      ]
+      enable                         = true
+      timeout                        = 60
+      runtime                        = "python3.8"
+      handler                        = "index.lambda_handler"
+      filename                       = "./test-dashboard-lambda-function.zip"
+      layer_filenames                = ["./test-dashboard-lambda-function.zip"]
+      names                          = ["python_layer"]
+      compatible_runtimes            = [["python3.8"]]
+      iam_actions                    = ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents"]
+      statement_ids                  = ["AllowExecutionFromCloudWatch"]
+      actions                        = ["lambda:InvokeFunction"]
+      principals                     = ["apigateway.amazonaws.com"]
+      reserved_concurrent_executions = null
     }
 
-    resource "aws_cloudwatch_dashboard" "dashboard" {
-      dashboard_body = module.dashboard.json_map_encoded
-      dashboard_name = "test-dashboard"
-    } 
+    ##-----------------------------------------------------------------------------
+    ## CLOUDWATCH DASHBOARD
+    ##-----------------------------------------------------------------------------
+    module "cloudwatch_dashboard" {
+      source  = "clouddrove/cloudwatch-dashboard/aws"
+      version = "1.0.0"	
 
+      enable      = true
+      name        = local.name
+      environment = local.environment
+      dashboard_body = templatefile("${path.module}/lambda_dashboard.json", {
+        region               = local.region
+        lambda_function_name = split(":", module.lambda.arn)[6]
+      })
+    }
+
+    output "dashboard_arn" {
+      value = module.cloudwatch_dashboard.dashboard_arn
+    }  
+  ```
+  
+  ### ECR Dashboard Example
+  ```hcl
+    locals {
+      name        = "dashboard"
+      environment = "test"
+      region      = "us-east-1"
+    }
+
+    ##-----------------------------------------------------------------------------
+    ## CLOUDWATCH DASHBOARD
+    ##-----------------------------------------------------------------------------
+    module "cloudwatch_dashboard" {
+      source  = "clouddrove/cloudwatch-dashboard/aws"
+      version = "1.0.0"	
+
+      enable      = true
+      name        = local.name
+      environment = local.environment
+      dashboard_body = templatefile("${path.module}/ecr_dashboard.json", {
+        region               = local.region
+      })
+    }
   ```

_example/complete/main.tf

@@ -46,8 +46,4 @@ module "cloudwatch_dashboard" {
     region               = local.region
     lambda_function_name = split(":", module.lambda.arn)[6]
   })
-}
-
-output "dashboard_arn" {
-  value = module.cloudwatch_dashboard.dashboard_arn
 }

_example/complete/output.tf

@@ -0,0 +1,4 @@
+output "dashboard_arn" {
+  description = "The Amazon Resource Name (ARN) of the dashboard"
+  value = module.cloudwatch_dashboard.dashboard_arn
+}

_example/ecr_dashboard/ecr_dashboard.json

@@ -0,0 +1,63 @@
+{
+    "start": "-P1M",
+    "widgets": [
+        {
+            "type": "log",
+            "x": 0,
+            "y": 0,
+            "width": 24,
+            "height": 6,
+            "properties": {
+                "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n | fields @timestamp, @message\n\n\n\n | stats count(*) as apiCalls by userIdentity.accountId as accountId,\n\nrequestParameters.repositoryName as repository\n| sort accountId desc",
+                "region": "${region}",
+                "title": "Images per Accounts",
+                "view": "table"
+            }
+        },
+        {
+            "type": "log",
+            "x": 0,
+            "y": 6,
+            "width": 12,
+            "height": 6,
+            "properties": {
+                "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n\n\n\n\n | fields @timestamp, @message\n\n\n\n\n\n\n\n | stats count_distinct(requestParameters.repositoryName) as Images by\nuserIdentity.accountId as accountId\n\n\n| sort Images desc",
+                "region": "${region}",
+                "title": "Usage by Accounts",
+                "view": "pie",
+                "legend": {
+                    "position": "left"
+                }
+            }
+        },
+        {
+            "type": "log",
+            "x": 12,
+            "y": 6,
+            "width": 12,
+            "height": 6,
+            "properties": {
+                "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n\n\n\n\n | fields @timestamp, @message\n\n\n\n\n\n\n\n | stats count_distinct(userIdentity.accountId) as Accounts by requestParameters.repositoryName as imageName \n\n\n| sort Accounts desc",
+                "region": "${region}",
+                "title": "ECR Repositories Usage",
+                "view": "pie",
+                "legend": {
+                    "position": "left"
+                }
+            }
+        },
+        {
+            "type": "log",
+            "x": 0,
+            "y": 12,
+            "width": 24,
+            "height": 6,
+            "properties": {
+                "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n | fields @timestamp, @message\n\n\n\n | stats count(*) as apiCalls by userIdentity.accountId as accountId,\n\nrequestParameters.repositoryName as repository, coalesce(requestParameters.imageIds.0.imageTag, requestParameters.imageIds.0.imageDigest) as tag\n| sort accountId desc",
+                "region": "${region}",
+                "title": "Images and tags per accounts",
+                "view": "table"
+            }
+        }
+    ]
+}

_example/ecr_dashboard/main.tf

@@ -0,0 +1,38 @@
+provider "aws" {
+  region = local.region
+}
+
+locals {
+  name        = "dashboard"
+  environment = "test"
+  region      = "us-east-1"
+}
+
+##-----------------------------------------------------------------------------
+## Private ECR.
+##-----------------------------------------------------------------------------
+module "private_ecr" {
+  source  = "clouddrove/ecr/aws"
+  version = "1.3.2"
+
+  enable_private_ecr = true
+  name               = format("%s-private-ecr",local.name)
+  environment        = local.environment
+  scan_on_push       = true
+  max_image_count    = 7
+}
+
+##-----------------------------------------------------------------------------
+## CLOUDWATCH DASHBOARD
+##-----------------------------------------------------------------------------
+module "cloudwatch_dashboard" {
+  source = "../../"
+
+  enable      = true
+  name        = local.name
+  environment = local.environment
+  dashboard_body = templatefile("${path.module}/ecr_dashboard.json", {
+    region         = local.region
+    log-group      = "cloudtrail-log-group"  # Log group of the cloudtrail or log group name where the ECR history/API Calls is stored
+  })
+}

_example/ecr_dashboard/output.tf

@@ -0,0 +1,4 @@
+output "dashboard_arn" {
+  description = "The Amazon Resource Name (ARN) of the dashboard"
+  value = module.cloudwatch_dashboard.dashboard_arn
+}

outputs.tf

@@ -2,5 +2,6 @@
 #Description : Terraform module creates Cloudwatch Dashboard on AWS for monitoriing AWS services.
 
 output "dashboard_arn" {
-  value = join("", aws_cloudwatch_dashboard.default[*].dashboard_arn)
+  description = "The Amazon Resource Name (ARN) of the dashboard"
+  value       = join("", aws_cloudwatch_dashboard.default[*].dashboard_arn)
 }