From d2d09d9bef0f47448a2429d676bdcc319d0481b1 Mon Sep 17 00:00:00 2001 From: Nilesh Gadgi Date: Wed, 22 Nov 2023 00:26:57 +0530 Subject: [PATCH] =?UTF-8?q?Feat:=20=F0=9F=9A=80=20Add=20example=20for=20EC?= =?UTF-8?q?R=20Cloudwatch=20dashboard=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: added example for ecr dashboard and did changes in readme * feat: update terraform version to latest * feat: update dynamic value for ecr dashboard body * feat: added zip fileh and updated output in examples --------- Co-authored-by: Anmol Nagpal --- .deepsource.toml | 4 - .gitignore | 42 +++++-- .releaserc.json | 10 -- Makefile | 3 - README.yaml | 133 +++++++++++----------- _example/complete/main.tf | 4 - _example/complete/output.tf | 4 + _example/complete/versions.tf | 11 -- _example/ecr_dashboard/ecr_dashboard.json | 63 ++++++++++ _example/ecr_dashboard/main.tf | 38 +++++++ _example/ecr_dashboard/output.tf | 4 + _test/complete/watch_test.go | 31 ----- outputs.tf | 3 +- versions.tf | 2 +- 14 files changed, 215 insertions(+), 137 deletions(-) delete mode 100644 .deepsource.toml delete mode 100644 .releaserc.json delete mode 100644 Makefile create mode 100644 _example/complete/output.tf delete mode 100644 _example/complete/versions.tf create mode 100644 _example/ecr_dashboard/ecr_dashboard.json create mode 100644 _example/ecr_dashboard/main.tf create mode 100644 _example/ecr_dashboard/output.tf delete mode 100644 _test/complete/watch_test.go
diff --git a/.deepsource.toml b/.deepsource.toml
deleted file mode 100644
index 9fa5be7..0000000
--- a/.deepsource.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-version = 1
-
-[[analyzers]]
-name = "terraform"
diff --git a/.gitignore b/.gitignore
index 46e3cbd..c9df9f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,36 @@
-# ignored files
-*.tfstate
-*.tfstate.backup
-.terraform
 .idea
-*.iml
-go.sum
-*.terraform.lock.hcl
\ No newline at end of file
+
+#################################################################
+# Default .gitignore content for all terraform-aws-modules below
+#################################################################
+
+# Local .terraform directories
+**/.terraform/*
+
+# Terraform lockfile
+**/*.terraform.lock.hcl
+
+# .tfstate files
+**/*.tfstate
+**/*.tfstate.*
+**/*.tfplan
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+**/*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.releaserc.json b/.releaserc.json
deleted file mode 100644
index 548e644..0000000
--- a/.releaserc.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "branches": [
- "main"
- ],
- "plugins": [
- "@semantic-release/commit-analyzer",
- "@semantic-release/release-notes-generator",
- "@semantic-release/github"
- ]
-}
diff --git a/Makefile b/Makefile
deleted file mode 100644
index d9e69c6..0000000
--- a/Makefile
+++ /dev/null
@@ -1,3 +0,0 @@
-export GENIE_PATH ?= $(shell 'pwd')/../../../genie
-
-include $(GENIE_PATH)/Makefile
\ No newline at end of file
diff --git a/README.yaml b/README.yaml
index 1463472..a28f536 100644
--- a/README.yaml
+++ b/README.yaml
@@ -40,77 +40,80 @@ include: # yamllint disable rule:line-length usage: |- Here are the example of how you can use this module in your inventory structure: - ### Example + ### Complete Example ```hcl - provider "aws" { - region = "us-east-1" + locals { + name = "dashboard" + environment = "test" + region = "us-east-1" } - module "dashboard" { - source = "../../" - start = "-PT4H" - widgets = [ - { - height = 5 - width = 14 - y = 19 - x = 10 + ##----------------------------------------------------------------------------- + ## LAMBDA + ##----------------------------------------------------------------------------- + module "lambda" { + source = "clouddrove/lambda/aws" + version = "1.3.1" - type = "metric" - properties = { - metrics = [ - [ "ContainerInsights", "pod_number_of_container_restarts", "PodName", "api", "ClusterName", "prod-xcheck-eks-cluster", "Namespace", "api-mbj" ], - [ "...", "testing", ".", ".", ".", "testing" ], - ] - view = "pie" - stacked = false - region = "us-east-1" - liveData = true - title = "Number of container restarts" - period = 300 - setPeriodToTimeRange = false, - stat = "Average" - legend = { - "position": "bottom" - } - sparkline = true - trend = true - labels = { - "visible": "true" - } - } - }, - { - height = 14 - width = 10 - y = 5 - x = 0 + name = "${local.name}-lambda-function" + environment = local.environment - type = "metric" - properties = { - metrics = [ - [ "ContainerInsights", "pod_memory_utilization", "PodName", "api", "ClusterName", "test-xcheck-eks-cluster", "Namespace", "api-puj" ], - [ "...", "api-test" ], - ] - view = "pie" - region = "us-east-1" - title = "Tet pod Memory Utilization" - period = 300 - trend = true - liveData = true - sparkline = true - setPeriodToTimeRange = false, - labels = { - "visible": "true" - } - } - } - ] + enable = true + timeout = 60 + runtime = "python3.8" + handler = "index.lambda_handler" + filename = "./test-dashboard-lambda-function.zip" + layer_filenames = 
["./test-dashboard-lambda-function.zip"] + names = ["python_layer"] + compatible_runtimes = [["python3.8"]] + iam_actions = ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents"] + statement_ids = ["AllowExecutionFromCloudWatch"] + actions = ["lambda:InvokeFunction"] + principals = ["apigateway.amazonaws.com"] + reserved_concurrent_executions = null } - resource "aws_cloudwatch_dashboard" "dashboard" { - dashboard_body = module.dashboard.json_map_encoded - dashboard_name = "test-dashboard" - } + ##----------------------------------------------------------------------------- + ## CLOUDWATCH DASHBOARD + ##----------------------------------------------------------------------------- + module "cloudwatch_dashboard" { + source = "clouddrove/cloudwatch-dashboard/aws" + version = "1.0.0" + enable = true + name = local.name + environment = local.environment + dashboard_body = templatefile("${path.module}/lambda_dashboard.json", { + region = local.region + lambda_function_name = split(":", module.lambda.arn)[6] + }) + } + + output "dashboard_arn" { + value = module.cloudwatch_dashboard.dashboard_arn + } + ``` + + ### ECR Dashboard Example + ```hcl + locals { + name = "dashboard" + environment = "test" + region = "us-east-1" + } + + ##----------------------------------------------------------------------------- + ## CLOUDWATCH DASHBOARD + ##----------------------------------------------------------------------------- + module "cloudwatch_dashboard" { + source = "clouddrove/cloudwatch-dashboard/aws" + version = "1.0.0" + + enable = true + name = local.name + environment = local.environment + dashboard_body = templatefile("${path.module}/ecr_dashboard.json", { + region = local.region + }) + } ``` \ No newline at end of file diff --git a/_example/complete/main.tf b/_example/complete/main.tf index 9234e9a..a856844 100644 --- a/_example/complete/main.tf +++ b/_example/complete/main.tf 
@@ -46,8 +46,4 @@ module "cloudwatch_dashboard" {
 region = local.region
 lambda_function_name = split(":", module.lambda.arn)[6]
 })
-}
-
-output "dashboard_arn" {
- value = module.cloudwatch_dashboard.dashboard_arn
 }
\ No newline at end of file
diff --git a/_example/complete/output.tf b/_example/complete/output.tf
new file mode 100644
index 0000000..868969b
--- /dev/null
+++ b/_example/complete/output.tf
@@ -0,0 +1,4 @@
+output "dashboard_arn" {
+ description = "The Amazon Resource Name (ARN) of the dashboard"
+ value = module.cloudwatch_dashboard.dashboard_arn
+}
\ No newline at end of file
diff --git a/_example/complete/versions.tf b/_example/complete/versions.tf
deleted file mode 100644
index 5f9eed3..0000000
--- a/_example/complete/versions.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Terraform version
-terraform {
- required_version = ">= 1.6.2"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.48.0"
- }
- }
-}
\ No newline at end of file
diff --git a/_example/ecr_dashboard/ecr_dashboard.json b/_example/ecr_dashboard/ecr_dashboard.json
new file mode 100644
index 0000000..90ab160
--- /dev/null
+++ b/_example/ecr_dashboard/ecr_dashboard.json
@@ -0,0 +1,63 @@
+{
+ "start": "-P1M",
+ "widgets": [
+ {
+ "type": "log",
+ "x": 0,
+ "y": 0,
+ "width": 24,
+ "height": 6,
+ "properties": {
+ "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n | fields @timestamp, @message\n\n\n\n | stats count(*) as apiCalls by userIdentity.accountId as accountId,\n\nrequestParameters.repositoryName as repository\n| sort accountId desc",
+ "region": "${region}",
+ "title": "Images per Accounts",
+ "view": "table"
+ }
+ },
+ {
+ "type": "log",
+ "x": 0,
+ "y": 6,
+ "width": 12,
+ "height": 6,
+ "properties": {
+ "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n\n\n\n\n | fields @timestamp, @message\n\n\n\n\n\n\n\n | stats count_distinct(requestParameters.repositoryName) as Images by\nuserIdentity.accountId as accountId\n\n\n| sort Images desc",
+ "region": "${region}",
+ "title": "Usage by Accounts",
+ "view": "pie",
+ "legend": {
+ "position": "left"
+ }
+ }
+ },
+ {
+ "type": "log",
+ "x": 12,
+ "y": 6,
+ "width": 12,
+ "height": 6,
+ "properties": {
+ "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n\n\n\n\n | fields @timestamp, @message\n\n\n\n\n\n\n\n | stats count_distinct(userIdentity.accountId) as Accounts by requestParameters.repositoryName as imageName \n\n\n| sort Accounts desc",
+ "region": "${region}",
+ "title": "ECR Repositories Usage",
+ "view": "pie",
+ "legend": {
+ "position": "left"
+ }
+ }
+ },
+ {
+ "type": "log",
+ "x": 0,
+ "y": 12,
+ "width": 24,
+ "height": 6,
+ "properties": {
+ "query": "SOURCE '${log-group}' | filter eventName = 'BatchGetImage'\n\n\n\n | fields @timestamp, @message\n\n\n\n | stats count(*) as apiCalls by userIdentity.accountId as accountId,\n\nrequestParameters.repositoryName as repository, coalesce(requestParameters.imageIds.0.imageTag, requestParameters.imageIds.0.imageDigest) as tag\n| sort accountId desc",
+ "region": "${region}",
+ "title": "Images and tags per accounts",
+ "view": "table"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/_example/ecr_dashboard/main.tf b/_example/ecr_dashboard/main.tf
new file mode 100644
index 0000000..9787f12
--- /dev/null
+++ b/_example/ecr_dashboard/main.tf
@@ -0,0 +1,38 @@
+provider "aws" {
+ region = local.region
+}
+
+locals {
+ name = "dashboard"
+ environment = "test"
+ region = "us-east-1"
+}
+
+##-----------------------------------------------------------------------------
+## Private ECR.
+##-----------------------------------------------------------------------------
+module "private_ecr" {
+ source = "clouddrove/ecr/aws"
+ version = "1.3.2"
+
+ enable_private_ecr = true
+ name = format("%s-private-ecr",local.name)
+ environment = local.environment
+ scan_on_push = true
+ max_image_count = 7
+}
+
+##-----------------------------------------------------------------------------
+## CLOUDWATCH DASHBOARD
+##-----------------------------------------------------------------------------
+module "cloudwatch_dashboard" {
+ source = "../../"
+
+ enable = true
+ name = local.name
+ environment = local.environment
+ dashboard_body = templatefile("${path.module}/ecr_dashboard.json", {
+ region = local.region
+ log-group = "cloudtrail-log-group" # Log group of the cloudtrail or log group name where the ECR history/API Calls is stored
+ })
+}
\ No newline at end of file
diff --git a/_example/ecr_dashboard/output.tf b/_example/ecr_dashboard/output.tf
new file mode 100644
index 0000000..868969b
--- /dev/null
+++ b/_example/ecr_dashboard/output.tf
@@ -0,0 +1,4 @@
+output "dashboard_arn" {
+ description = "The Amazon Resource Name (ARN) of the dashboard"
+ value = module.cloudwatch_dashboard.dashboard_arn
+}
\ No newline at end of file
diff --git a/_test/complete/watch_test.go b/_test/complete/watch_test.go
deleted file mode 100644
index 5288cde..0000000
--- a/_test/complete/watch_test.go
+++ /dev/null
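Review bot: Every widget query reads `SOURCE '${log-group}'`, so rendering this template needs a `log-group` key in the vars map, yet the ECR example this commit adds to README.yaml calls templatefile with only `region`; copied as written, that call would fail because a referenced template variable is missing. Pass the key in the README example too, and consider renaming it to `log_group` in both the template and the caller, since the hyphenated form reads like a subtraction. The queries filter only on `eventName = 'BatchGetImage'`; if the log group holds a full CloudTrail trail, adding `and eventSource = 'ecr.amazonaws.com'` to the filter would make the intent explicit and keep the per-account pull counts limited to ECR events.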
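Review bot: `log-group = "cloudtrail-log-group"` at the end of `module "cloudwatch_dashboard"` hard-codes a log group that nothing in this example creates or looks up, so the dashboard only shows data when a trail already delivers ECR API calls to a group with exactly that name. Declare it beside the other values in `locals` (for example `log_group = "cloudtrail-log-group"`) and reference it from the templatefile call. The prerequisite deserves a clearer comment than the current trailing one, such as `# must be an existing CloudWatch Logs group that receives CloudTrail events for ECR`.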
@@ -1,31 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform cloudwatch-alarm module.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func TestCloudWatch(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/complete/",
- }
-
- // This will run `terraform init` and `terraform apply` and fail the test if there are any errors
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "dashboard-test", Tags["Name"])
-}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 3a052a2..aa0e138 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -2,5 +2,6 @@
 #Description : Terraform module creates Cloudwatch Dashboard on AWS for monitoriing AWS services.
 
 output "dashboard_arn" {
- value = join("", aws_cloudwatch_dashboard.default[*].dashboard_arn)
+ description = "The Amazon Resource Name (ARN) of the dashboard"
+ value = join("", aws_cloudwatch_dashboard.default[*].dashboard_arn)
 }
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
index e9840c2..68ffa72 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@
 # Versions
 # ------------------------------------------------------------------------------
 terraform {
- required_version = ">= 1.6.2"
+ required_version = ">= 1.6.4"
 required_providers {
 aws = {
 source = "hashicorp/aws"