module "example-s3" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose"
cloudwatch_log_group_names = ["example-1", "example-2", "example-3"]
destination_bucket_arn = aws_s3_bucket.example.arn
tags = local.tags
}
module "example-http" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose"
cloudwatch_log_group_names = ["example-1", "example-2", "example-3"]
destination_http_endpoint = "https://example-url.com/endpoint"
tags = local.tags
}
This module creates an AWS Data Stream to be used by a set of AWS CloudWatch Log Groups. Data is streamed from the Log Groups to either a target S3 bucket or HTTP endpoint using a Cloudwatch Log Subscription Filter.
When a HTTP endpoint is specified, an aws_secretsmanager_secret
resource is created that is polled at 10 minute intervals for credentials.
The aws_secretsmanager_secret
value must be populated independently of this module.
Included in this module are the necessary IAM policy documents and roles for these actions, as well as a KMS key to encrypt the Data Stream.
If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.
Name | Version |
---|---|
terraform | ~> 1.0 |
aws | ~> 5.0 |
random | ~> 3.4 |
Name | Version |
---|---|
aws | 5.71.0 |
random | 3.6.3 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudwatch_filter_pattern | A valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events. | string |
"" |
no |
cloudwatch_log_group_names | List of CloudWatch Log Group names to stream logs from. | list(string) |
n/a | yes |
destination_bucket_arn | ARN of the bucket for CloudWatch filters. | string |
"" |
no |
destination_http_endpoint | HTTP endpoint for CloudWatch filters. | string |
"" |
no |
s3_compression_format | Allow optional configuration of AWS Data Stream compression. Log Group subscription filters compress logs by default. | string |
"UNCOMPRESSED" |
no |
tags | Map of tags to be applied to resources. | map(string) |
n/a | yes |
Name | Description |
---|---|
cloudwatch_log_group_name | n/a |
data_stream | n/a |
firehose_server_side_encryption_key_arn | n/a |
iam_roles | n/a |
kms_key_arn | n/a |
log_subscriptions | n/a |
secretsmanager_secret_arn | n/a |