From 2239119bd7b2bb0660c25459f20592dfd4016549 Mon Sep 17 00:00:00 2001
From: George Scott
Date: Fri, 1 Sep 2023 15:28:00 -0500
Subject: [PATCH] feat: Enable EKS logs (#134)
* enable cw logs + metrics
* enable eks logs
* log retention
* remove dd
---
 modules/app_eks/iam-policy-docs.tf | 9 +++++++--
 modules/app_eks/main.tf | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules/app_eks/iam-policy-docs.tf b/modules/app_eks/iam-policy-docs.tf
index 237e02b6..82b98158 100644
--- a/modules/app_eks/iam-policy-docs.tf
+++ b/modules/app_eks/iam-policy-docs.tf
@@ -1,8 +1,13 @@
 data "aws_iam_policy_document" "node_cloudwatch" {
 statement {
- actions = ["cloudwatch:PutMetricData"]
+ actions = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams"
+ ]
 effect = "Allow"
- resources = ["*"]
+ resources = ["arn:aws:logs:*:*:*"]
 }
 }
diff --git a/modules/app_eks/main.tf b/modules/app_eks/main.tf
index cec3f4cf..deb760fb 100644
--- a/modules/app_eks/main.tf
+++ b/modules/app_eks/main.tf
@@ -37,9 +37,11 @@ module "eks" {
 map_roles = var.map_roles
 map_users = var.map_users
+ cluster_enabled_log_types = [ "api", "audit", "controllerManager", "scheduler" ]
 cluster_endpoint_private_access = true
 cluster_endpoint_public_access = var.cluster_endpoint_public_access
 cluster_endpoint_public_access_cidrs = var.cluster_endpoint_public_access_cidrs
+ cluster_log_retention_in_days = 30
 cluster_encryption_config = var.kms_key_arn != "" ? [
 {
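Review bot: The new `resources = ["arn:aws:logs:*:*:*"]` in `node_cloudwatch` still lets the node role create and write to every log group in every region of the account, which, as far as this hunk shows, includes the control-plane log group that the same commit enables in `main.tf`. Anything running with node credentials could therefore add events next to the audit trail. Scope the statement to the log groups the node agent owns, for example `resources = ["arn:aws:logs:<REGION>:<ACCOUNT_ID>:log-group:<NODE_LOG_GROUP_PREFIX>*"]` (placeholders), and consider pre-creating those groups in Terraform so `logs:CreateLogGroup` can be dropped. The hunk also removes `cloudwatch:PutMetricData` although the commit message mentions metrics; if that is intentional, a one-line comment above the statement would say so.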
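Review bot: `cluster_enabled_log_types` leaves out `"authenticator"`, the control-plane log that records how IAM principals are mapped to Kubernetes identities; with `map_roles` and `map_users` set just above, that is the log an investigator would want next to `audit`. Suggest `cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]`. The retention is hard-coded as `cluster_log_retention_in_days = 30`, which is short for audit data; exposing it as a module variable with 30 as the default would let environments with longer retention requirements override it. The `module "eks"` block starts and ends outside the hunk, so whether the log group is encrypted with the KMS key used for `cluster_encryption_config` cannot be seen from here.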