github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-01-16 00:34:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added Option to use KMS key for cloudwatch logs group. (#404)

Browse Source
This commit is contained in:
till-krauss
2019-06-24 12:53:43 +02:00
committed by Max Williams
parent 8260f1095e
commit ba3377360e
4 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
### Added
- Option to set a KMS key for the log group and encrypt it (by @till-krauss)
- Write your awesome addition here (by @you)
### Changed

1
README.md
View File

@@ -119,6 +119,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | bool | `"false"` | no |
| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | bool | `"true"` | no |
| cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no |
| cluster\_log\_kms\_key\_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | `""` | no |
| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | number | `"90"` | no |
| cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
| cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `""` | no |

1
cluster.tf
View File

@@ -2,6 +2,7 @@ resource "aws_cloudwatch_log_group" "this" {
count = length(var.cluster_enabled_log_types) > 0 ? 1 : 0
name = "/aws/eks/${var.cluster_name}/cluster"
retention_in_days = var.cluster_log_retention_in_days
kms_key_id = var.cluster_log_kms_key_id
}
resource "aws_eks_cluster" "this" {

6
variables.tf
View File

@@ -3,7 +3,11 @@ variable "cluster_enabled_log_types" {
description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
type = list(string)
}
variable "cluster_log_kms_key_id" {
default = ""
description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
type = string
}
variable "cluster_log_retention_in_days" {
default = 90
description = "Number of days to retain log events. Default retention - 90 days."