Use existing CloudWatch log group with the same name for both example…

…s for CloudNGFW

examples/cloudngfw_combined_design/example.tfvars

@@ -345,20 +345,20 @@ cloudngfws = {
     }
     log_profiles = {
       dest_1 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWCombined"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "THREAT"
       }
       dest_2 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWCombined"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "TRAFFIC"
       }
       dest_3 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWCombined"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "DECRYPTION"
       }

examples/cloudngfw_isolated_design/example.tfvars

@@ -299,20 +299,20 @@ cloudngfws = {
     }
     log_profiles = {
       dest_1 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWIsolated"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "THREAT"
       }
       dest_2 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWIsolated"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "TRAFFIC"
       }
       dest_3 = {
-        create_cw        = true
-        name             = "PaloAltoCloudNGFWIsolated"
+        create_cw        = false
+        name             = "PaloAltoCloudNGFW"
         destination_type = "CloudWatchLogs"
         log_type         = "DECRYPTION"
       }

modules/cloudngfw/README.md

@@ -40,6 +40,7 @@ No modules.
 | [cloudngfwaws_rulestack.this](https://registry.terraform.io/providers/PaloAltoNetworks/cloudngfwaws/2.0.6/docs/resources/rulestack) | resource |
 | [cloudngfwaws_security_rule.this](https://registry.terraform.io/providers/PaloAltoNetworks/cloudngfwaws/2.0.6/docs/resources/security_rule) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudwatch_log_group) | data source |
 
 ### Inputs
 

modules/cloudngfw/main.tf

@@ -1,7 +1,8 @@
 data "aws_caller_identity" "current" {}
 
 locals {
-  new_log_cw = toset(distinct([for _, v in var.log_profiles : v.name if v.create_cw]))
+  new_log_cw      = toset(distinct([for _, v in var.log_profiles : v.name if v.create_cw]))
+  existing_log_cw = toset(distinct([for _, v in var.log_profiles : v.name if !v.create_cw]))
 }
 
 resource "cloudngfwaws_ngfw" "this" {
@@ -86,8 +87,10 @@ resource "cloudngfwaws_ngfw_log_profile" "this" {
     for_each = var.log_profiles
     content {
       destination_type = log_destination.value.destination_type
-      destination      = log_destination.value.destination_type == "CloudWatchLogs" ? aws_cloudwatch_log_group.this[log_destination.value.name].name : log_destination.value.name
-      log_type         = log_destination.value.log_type
+      destination = log_destination.value.destination_type == "CloudWatchLogs" ? (
+        log_destination.value.create_cw ? aws_cloudwatch_log_group.this[log_destination.value.name].name : data.aws_cloudwatch_log_group.this[log_destination.value.name].name
+      ) : log_destination.value.name
+      log_type = log_destination.value.log_type
     }
   }
 
@@ -107,6 +110,12 @@ resource "aws_cloudwatch_log_group" "this" {
   tags = var.tags
 }
 
+data "aws_cloudwatch_log_group" "this" {
+  for_each = local.existing_log_cw
+
+  name = each.value
+}
+
 resource "aws_cloudwatch_log_stream" "this" {
   for_each = local.new_log_cw