This Terraform module deploys an AWS CloudWatch Log Stream and Group.
Check valid versions on:
- Github Releases: https://github.com/cn-terraform/terraform-aws-cloudwatch-logs/releases
- Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/cloudwatch-logs/aws
Pleas run this command right after cloning the repository.
pre-commit install
For that you may need to install the folowwing tools:
In order to run all checks at any point run the following command:
pre-commit run --all-files
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 4 |
| Name | Version |
|---|---|
| aws | 4.0.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.log_group | resource |
| aws_cloudwatch_log_stream.log_stream | resource |
| aws_kms_key.encryption_key | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_kms_key | If true a new KMS key will be created to encrypt the logs. If set to false a custom key can be used by setting the variable log_group_kms_key_id |
bool |
false |
no |
| log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | string |
null |
no |
| log_group_retention_in_days | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days. | number |
30 |
no |
| logs_path | Path of the logs in CloudWatch | any |
n/a | yes |
| tags | Resource tags | map(string) |
{} |
no |
| Name | Description |
|---|---|
| encryption_key_arn | The Amazon Resource Name (ARN) of the key. |
| encryption_key_id | The globally unique identifier for the key. |
| log_group_arn | The Amazon Resource Name (ARN) specifying the log group. |
| log_group_name | The name of the log group. |
| log_group_retention_in_days | Specifies the number of days log events are retained |
| log_stream_arn | The Amazon Resource Name (ARN) specifying the log stream. |
| log_stream_log_group_name | The name of the log group under which the log stream was created |
| log_stream_name | The name of the log stream. |
| logs_path | Path of the logs in CloudWatch |
