From 12f4e91f1a4f3ee48b91d222fcae5c51bbe7ab29 Mon Sep 17 00:00:00 2001
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com>
Date: Wed, 12 Jun 2024 04:08:22 -0400
Subject: [PATCH] feat: Added cloudwatch log group `skip_destroy` and `log_group_class` (#553)
---
 README.md | 2 ++
 main.tf | 2 ++
 modules/db_instance/README.md | 2 ++
 modules/db_instance/main.tf | 2 ++
 modules/db_instance/variables.tf | 12 ++++++++++++
 variables.tf | 12 ++++++++++++
 6 files changed, 32 insertions(+)
diff --git a/README.md b/README.md
index 9d382cf6..7c55b61b 100644
--- a/README.md
+++ b/README.md
@@ -244,8 +244,10 @@ No resources.
 | [blue\_green\_update](#input\_blue\_green\_update) | Enables low-downtime updates using RDS Blue/Green deployments. | `map(string)` | `{}` | no |
 | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `null` | no |
 | [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation | `string` | `null` | no |
+| [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
 | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
+| [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
 | [create\_db\_instance](#input\_create\_db\_instance) | Whether to create a database instance | `bool` | `true` | no |
diff --git a/main.tf b/main.tf
index 45a8227c..a7aa39d6 100644
--- a/main.tf
+++ b/main.tf
@@ -143,6 +143,8 @@ module "db_instance" {
 create_cloudwatch_log_group = var.create_cloudwatch_log_group
 cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
 cloudwatch_log_group_kms_key_id = var.cloudwatch_log_group_kms_key_id
+ cloudwatch_log_group_skip_destroy = var.cloudwatch_log_group_skip_destroy
+ cloudwatch_log_group_class = var.cloudwatch_log_group_class
 timeouts = var.timeouts
diff --git a/modules/db_instance/README.md b/modules/db_instance/README.md
index 6c1656d4..9f6141a3 100644
--- a/modules/db_instance/README.md
+++ b/modules/db_instance/README.md
@@ -47,8 +47,10 @@ No modules.
 | [blue\_green\_update](#input\_blue\_green\_update) | Enables low-downtime updates using RDS Blue/Green deployments. | `map(string)` | `{}` | no |
 | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `null` | no |
 | [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no |
+| [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
 | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
+| [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
 | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf
index 06f2989f..bb703491 100644
--- a/modules/db_instance/main.tf
+++ b/modules/db_instance/main.tf
@@ -158,6 +158,8 @@ resource "aws_cloudwatch_log_group" "this" {
 name = "/aws/rds/instance/${var.identifier}/${each.value}"
 retention_in_days = var.cloudwatch_log_group_retention_in_days
 kms_key_id = var.cloudwatch_log_group_kms_key_id
+ skip_destroy = var.cloudwatch_log_group_skip_destroy
+ log_group_class = var.cloudwatch_log_group_class
 tags = var.tags
 }
diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf
index c35abeb7..143783d2 100644
--- a/modules/db_instance/variables.tf
+++ b/modules/db_instance/variables.tf
@@ -454,6 +454,18 @@ variable "cloudwatch_log_group_kms_key_id" {
 default = null
 }
+variable "cloudwatch_log_group_skip_destroy" {
+ description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
+ type = bool
+ default = null
+}
+
+variable "cloudwatch_log_group_class" {
+ description = "Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS"
+ type = string
+ default = null
+}
+
 ################################################################################
 # Managed Secret Rotation
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 8837ec24..ab55d55d 100644
--- a/variables.tf
+++ b/variables.tf
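Review bot: In the modules/db_instance/main.tf hunk, `log_group_class` is wired into `aws_cloudwatch_log_group.this` without any hint that it is a create-time setting: as far as I can tell the provider replaces the log group when the class changes, which on an existing instance deletes the exported RDS logs. With `skip_destroy = true` the old group would instead be left behind, and the replacement would probably fail because the name `/aws/rds/instance/${var.identifier}/${each.value}` is already taken. I would put a comment above the two new arguments, e.g. `# log_group_class is fixed at creation; changing it replaces the group (and its logs) unless skip_destroy is set`. It is also worth noting, hedged the same way, that INFREQUENT_ACCESS groups appear not to support metric or subscription filters, so logs that feed alerting or a SIEM should stay on STANDARD. The resource block opens above this hunk.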
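Review bot: The `cloudwatch_log_group_skip_destroy` description in modules/db_instance/variables.tf stops at "remove the log group from the Terraform state" and does not say that the retained group then sits outside Terraform, keeping whatever retention and KMS key it last had until someone removes it by hand. I would append a sentence such as `The retained log group is no longer managed by Terraform and keeps its last applied retention and KMS settings.` In the `cloudwatch_log_group_class` description, `Specified the log class` should read `Specifies the log class`. The root variables.tf hunk and both README tables carry the same two descriptions, so the wording should change there as well.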
@@ -569,6 +569,18 @@ variable "cloudwatch_log_group_kms_key_id" {
 default = null
 }
+variable "cloudwatch_log_group_skip_destroy" {
+ description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
+ type = bool
+ default = null
+}
+
+variable "cloudwatch_log_group_class" {
+ description = "Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS"
+ type = string
+ default = null
+}
+
 variable "putin_khuylo" {
 description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
 type = bool