Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/terraform-aws-modules/terraform-aws-cloudwatch
Terraform module to create AWS Cloudwatch resources πΊπ¦
https://github.com/terraform-aws-modules/terraform-aws-cloudwatch
aws aws-cloudwatch cis-benchmarks cloudwatch cloudwatch-alarms cloudwatch-logs cloudwatch-metrics terraform-module
Last synced: 22 days ago
JSON representation
Terraform module to create AWS Cloudwatch resources πΊπ¦
- Host: GitHub
- URL: https://github.com/terraform-aws-modules/terraform-aws-cloudwatch
- Owner: terraform-aws-modules
- License: apache-2.0
- Created: 2019-06-17T19:37:42.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-09-09T02:00:43.000Z (about 2 months ago)
- Last Synced: 2024-09-30T15:22:20.638Z (about 1 month ago)
- Topics: aws, aws-cloudwatch, cis-benchmarks, cloudwatch, cloudwatch-alarms, cloudwatch-logs, cloudwatch-metrics, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/terraform-aws-modules/cloudwatch/aws
- Size: 188 KB
- Stars: 162
- Watchers: 12
- Forks: 195
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- jimsghstars - terraform-aws-modules/terraform-aws-cloudwatch - Terraform module to create AWS Cloudwatch resources πΊπ¦ (HCL)
README
# AWS Cloudwatch Terraform module
Terraform module which creates Cloudwatch resources on AWS.
## Usage
### Log metric filter
```hcl
module "log_metric_filter" {
source = "terraform-aws-modules/cloudwatch/aws//modules/log-metric-filter"
version = "~> 3.0"
log_group_name = "my-application-logs"
name = "error-metric"
pattern = "ERROR"
metric_transformation_namespace = "MyApplication"
metric_transformation_name = "ErrorCount"
}
```
Read [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) for explanation of `pattern`.
### Log group
```hcl
module "log_group" {
source = "terraform-aws-modules/cloudwatch/aws//modules/log-group"
version = "~> 3.0"
name = "my-app"
retention_in_days = 120
}
```
### Log stream
```hcl
module "log_stream" {
source = "terraform-aws-modules/cloudwatch/aws//modules/log-stream"
version = "~> 3.0"
name = "stream1"
log_group_name = "my-app"
}
```
### Metric alarm
```hcl
module "metric_alarm" {
source = "terraform-aws-modules/cloudwatch/aws//modules/metric-alarm"
version = "~> 3.0"
alarm_name = "my-application-logs-errors"
alarm_description = "Bad errors in my-application-logs"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = 1
threshold = 10
period = 60
unit = "Count"
namespace = "MyApplication"
metric_name = "ErrorCount"
statistic = "Maximum"
alarm_actions = ["arn:aws:sns:eu-west-1:835367859852:my-sns-queue"]
}
```
### Metric alarms by multiple dimensions
This submodule is useful when you need to create very similar alarms where only dimensions are different (eg, multiple AWS Lambda functions), but the rest of arguments are the same.
```hcl
module "metric_alarms" {
source = "terraform-aws-modules/cloudwatch/aws//modules/metric-alarms-by-multiple-dimensions"
version = "~> 3.0"
alarm_name = "lambda-duration-"
alarm_description = "Lambda duration is too high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = 1
threshold = 10
period = 60
unit = "Milliseconds"
namespace = "AWS/Lambda"
metric_name = "Duration"
statistic = "Maximum"
dimensions = {
"lambda1" = {
FunctionName = "index"
},
"lambda2" = {
FunctionName = "signup"
},
}
alarm_actions = ["arn:aws:sns:eu-west-1:835367859852:my-sns-queue"]
}
```
Check out [list of all AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) for detailed information about each supported service.
### CIS AWS Foundations Controls: Metrics + Alarms
```hcl
module "cis_alarms" {
source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms"
version = "~> 3.0"
log_group_name = "my-cloudtrail-logs"
alarm_actions = ["arn:aws:sns:eu-west-1:835367859852:my-sns-queue"]
}
```
AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
### Log Group Data Protection Policy
```hcl
module "log_group_data_protection" {
source = "terraform-aws-modules/cloudwatch/aws//modules/log-data-protection-policy"
version = "~> 4.0"
log_group_name = "my-log-group"
create_log_data_protection_policy = true
log_data_protection_policy_name = "RedactAddress"
data_identifiers = ["arn:aws:dataprotection::aws:data-identifier/Address"]
findings_destination_cloudwatch_log_group = "audit-log-group"
}
```
### Log Subscription Filter
```hcl
module "log_subscription_filter" {
source = "terraform-aws-modules/cloudwatch/aws//modules/log-subscription-filter"
name = "my-filter"
destination_arn = "arn:aws:firehose:eu-west-1:835367859852:deliverystream/cw-logs"
filter_pattern = "%test%"
log_group_name = "my-log-group"
role_arn = "arn:aws:iam::835367859852:role/cw-logs-to-firehose"
}
```
### Metric Stream
```hcl
module "metric_stream" {
name = "metric-stream"
firehose_arn = "arn:aws:firehose:eu-west-1:835367859852:deliverystream/metric-stream-example"
output_format = "json"
role_arn = "arn:aws:iam::835367859852:role/metric-stream-to-firehose-20240113005123755300000002"
# conflicts with exclude_filter
include_filter = {
ec2 = {
namespace = "AWS/EC2"
metric_names = ["CPUUtilization", "NetworkIn"]
}
}
statistics_configuration = [
{
additional_statistics = ["p99"]
include_metric = [
{
namespace = "AWS/EC2"
metric_name = "CPUUtilization"
},
{
namespace = "AWS/EC2"
metric_name = "NetworkIn"
}
]
},
{
additional_statistics = ["p90", "TM(10%:90%)"]
include_metric = [
{
namespace = "AWS/EC2"
metric_name = "CPUUtilization"
}
]
}
]
}
```
### Query Definition
```hcl
module "query_definition" {
source = "terraform-aws-modules/cloudwatch/aws//modules/query-definition"
version = "~> 4.0"
name = "my-query-definition"
log_group_names = ["my-log-group-name"]
query_string = <
## Authors
Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/graphs/contributors).
## License
Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-cloudwatch/tree/master/LICENSE) for full details.