Merge branch 'develop'

robertpeteuil · May 27, 2019 · 3b55952 · 3b55952
2 parents 8f61e6d + 9a37472
commit 3b55952
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 113 deletions.
diff --git a/README.md b/README.md
@@ -35,7 +35,8 @@ This Lambda Function forwards subject & body of SNS messages to CloudWatch Log G
 ``` ruby
 module "sns_logger" {
   source            = "robertpeteuil/sns-to-cloudwatch-logs-lambda/aws"
-  version           = "1.0.1"
+  version           = "2.0.0"     # HCL2 support for Terraform >= 0.12
+  # version           = "1.0.1"   # Latest version for Terraform < 0.12
 
   aws_region        = "us-west-2"
   sns_topic_name    = "projectx-logging"

diff --git a/main.tf b/main.tf
@@ -3,12 +3,12 @@
 # -----------------------------------------------------------------
 
 terraform {
-  required_version = "~> 0.11.7"
+  required_version = ">= 0.12"
 }
 
 provider "aws" {
-  region  = "${var.aws_region}"
-  version = "~> 2.0"
+  region  = var.aws_region
+  version = ">= 2.12"
 }
 
 # -----------------------------------------------------------------
@@ -17,12 +17,12 @@ provider "aws" {
 
 resource "aws_lambda_layer_version" "logging_base" {
   filename         = "${path.module}/base_${var.lambda_runtime}.zip"
-  source_code_hash = "${base64sha256(file("${path.module}/base_${var.lambda_runtime}.zip"))}"
+  source_code_hash = filebase64sha256("${path.module}/base_${var.lambda_runtime}.zip")
 
-  layer_name  = "sns-cloudwatch-base-${replace(var.lambda_runtime,".","")}"
+  layer_name  = "sns-cloudwatch-base-${replace(var.lambda_runtime, ".", "")}"
   description = "python logging and watchtower libraries"
 
-  compatible_runtimes = ["${var.lambda_runtime}"]
+  compatible_runtimes = [var.lambda_runtime]
 }
 
 # -----------------------------------------------------------------
@@ -42,30 +42,30 @@ locals {
 
 # create lambda using function only zip on top of base layer
 resource "aws_lambda_function" "sns_cloudwatchlog" {
-  layers = ["${aws_lambda_layer_version.logging_base.arn}"]
+  layers = [aws_lambda_layer_version.logging_base.arn]
 
   function_name = "${var.lambda_func_name}-${var.sns_topic_name}"
-  description   = "${length(var.lambda_description) > 0 ? var.lambda_description : local.dynamic_description}"
+  description   = length(var.lambda_description) > 0 ? var.lambda_description : local.dynamic_description
 
   filename         = "${path.module}/lambda.zip"
-  source_code_hash = "${data.archive_file.lambda_function.output_base64sha256}"
+  source_code_hash = data.archive_file.lambda_function.output_base64sha256
 
-  publish = "${var.lambda_publish_func ? 1 : 0}"
-  role    = "${aws_iam_role.lambda_cloudwatch_logs.arn}"
+  publish = var.lambda_publish_func ? true : false
+  role    = aws_iam_role.lambda_cloudwatch_logs.arn
 
-  runtime     = "${var.lambda_runtime}"
+  runtime     = var.lambda_runtime
   handler     = "sns_cloudwatch_gw.main"
-  timeout     = "${var.lambda_timeout}"
-  memory_size = "${var.lambda_mem_size}"
+  timeout     = var.lambda_timeout
+  memory_size = var.lambda_mem_size
 
   environment {
     variables = {
-      log_group  = "${var.log_group_name}"
-      log_stream = "${var.log_stream_name}"
+      log_group  = var.log_group_name
+      log_stream = var.log_stream_name
     }
   }
 
-  tags = "${var.lambda_tags}"
+  tags = var.lambda_tags
 }
 
 # -----------------------------------------------------------------
@@ -76,14 +76,14 @@ resource "aws_lambda_function" "sns_cloudwatchlog" {
 
 # create if specified
 resource "aws_sns_topic" "sns_log_topic" {
-  count = "${var.create_sns_topic ? 1 : 0}"
-  name  = "${var.sns_topic_name}"
+  count = var.create_sns_topic ? 1 : 0
+  name  = var.sns_topic_name
 }
 
 # retrieve topic if not created, arn referenced
 data "aws_sns_topic" "sns_log_topic" {
-  count = "${var.create_sns_topic ? 0 : 1}"
-  name  = "${var.sns_topic_name}"
+  count = var.create_sns_topic ? 0 : 1
+  name  = var.sns_topic_name
 }
 
 # -----------------------------------------------------------------
@@ -92,15 +92,15 @@ data "aws_sns_topic" "sns_log_topic" {
 # -----------------------------------------------------------------
 
 resource "aws_cloudwatch_log_group" "sns_logged_item_group" {
-  count             = "${var.create_log_group ? 1 : 0}"
-  name              = "${var.log_group_name}"
-  retention_in_days = "${var.log_group_retention_days}"
+  count             = var.create_log_group ? 1 : 0
+  name              = var.log_group_name
+  retention_in_days = var.log_group_retention_days
 }
 
 # retrieve log group if not created, arn included in outputs
 data "aws_cloudwatch_log_group" "sns_logged_item_group" {
-  count = "${var.create_log_group ? 0 : 1}"
-  name  = "${var.log_group_name}"
+  count = var.create_log_group ? 0 : 1
+  name  = var.log_group_name
 }
 
 # -----------------------------------------------------------------
@@ -110,45 +110,33 @@ data "aws_cloudwatch_log_group" "sns_logged_item_group" {
 
 # create stream in log_group previously created or specified
 resource "aws_cloudwatch_log_stream" "sns_logged_item_stream" {
-  count          = "${var.create_log_stream ? 1 : 0}"
-  name           = "${var.log_stream_name}"
-  log_group_name = "${var.create_log_group ? join("", aws_cloudwatch_log_group.sns_logged_item_group.*.name) : var.log_group_name}"
+  count          = var.create_log_stream ? 1 : 0
+  name           = var.log_stream_name
+  log_group_name = var.create_log_group ? aws_cloudwatch_log_group.sns_logged_item_group[0].name : var.log_group_name
 }
 
 # -----------------------------------------------------------------
 # SUBSCRIBE LAMBDA FUNCTION TO SNS TOPIC
 # -----------------------------------------------------------------
 
 resource "aws_sns_topic_subscription" "lambda" {
-  topic_arn = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
+  topic_arn = var.create_sns_topic ? aws_sns_topic.sns_log_topic[0].arn : data.aws_sns_topic.sns_log_topic[0].arn
   protocol  = "lambda"
-  endpoint  = "${var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn}"
+  endpoint  = var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn
 }
 
 # -----------------------------------------------------------------
 # ENABLE SNS TOPIC AS LAMBDA FUNCTION TRIGGER
-#   multiple resource blockss until 'null' parameter feature in Terraform v0.12.0
 # -----------------------------------------------------------------
 
 # function published - "qualifier" set to function version
-resource "aws_lambda_permission" "sns_cloudwatchlog_published" {
-  count         = "${var.lambda_publish_func ? 1 : 0}"
+resource "aws_lambda_permission" "sns_cloudwatchlog_multi" {
   statement_id  = "AllowExecutionFromSNS"
   action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.sns_cloudwatchlog.function_name}"
+  function_name = aws_lambda_function.sns_cloudwatchlog.function_name
   principal     = "sns.amazonaws.com"
-  source_arn    = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
-  qualifier     = "${aws_lambda_function.sns_cloudwatchlog.version}"
-}
-
-# function not published - dont specify "qualifier" parameter
-resource "aws_lambda_permission" "sns_cloudwatchlog" {
-  count         = "${var.lambda_publish_func ? 0 : 1}"
-  statement_id  = "AllowExecutionFromSNS"
-  action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.sns_cloudwatchlog.function_name}"
-  principal     = "sns.amazonaws.com"
-  source_arn    = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
+  source_arn    = var.create_sns_topic ? aws_sns_topic.sns_log_topic[0].arn : data.aws_sns_topic.sns_log_topic[0].arn
+  qualifier     = var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.version : null
 }
 
 # -------------------------------------------------------------------------------------
@@ -158,22 +146,22 @@ resource "aws_lambda_permission" "sns_cloudwatchlog" {
 # Create IAM role
 resource "aws_iam_role" "lambda_cloudwatch_logs" {
   name               = "lambda-${lower(var.lambda_func_name)}-${var.sns_topic_name}"
-  assume_role_policy = "${data.aws_iam_policy_document.lambda_cloudwatch_logs.json}"
+  assume_role_policy = data.aws_iam_policy_document.lambda_cloudwatch_logs.json
 }
 
 # Add base Lambda Execution policy
 resource "aws_iam_role_policy" "lambda_cloudwatch_logs_polcy" {
   name   = "lambda-${lower(var.lambda_func_name)}-policy-${var.sns_topic_name}"
-  role   = "${aws_iam_role.lambda_cloudwatch_logs.id}"
-  policy = "${data.aws_iam_policy_document.lambda_cloudwatch_logs_policy.json}"
+  role   = aws_iam_role.lambda_cloudwatch_logs.id
+  policy = data.aws_iam_policy_document.lambda_cloudwatch_logs_policy.json
 }
 
 # JSON POLICY - assume role
 data "aws_iam_policy_document" "lambda_cloudwatch_logs" {
   statement {
     actions = ["sts:AssumeRole"]
 
-    principals = {
+    principals {
       type        = "Service"
       identifiers = ["lambda.amazonaws.com"]
     }
@@ -199,7 +187,7 @@ data "aws_iam_policy_document" "lambda_cloudwatch_logs_policy" {
 
 # create cloudwatch event to run every 15 minutes
 resource "aws_cloudwatch_event_rule" "warmer" {
-  count = "${var.create_warmer_event ? 1 : 0}"
+  count = var.create_warmer_event ? 1 : 0
 
   name                = "sns-logger-warmer-${var.sns_topic_name}"
   description         = "Keeps ${var.lambda_func_name} Warm"
@@ -208,11 +196,12 @@ resource "aws_cloudwatch_event_rule" "warmer" {
 
 # set event target as sns_to_cloudwatch_logs lambda function 
 resource "aws_cloudwatch_event_target" "warmer" {
-  count = "${var.create_warmer_event ? 1 : 0}"
+  count = var.create_warmer_event ? 1 : 0
 
-  rule      = "${aws_cloudwatch_event_rule.warmer.name}"
+  # rule      = join("", aws_cloudwatch_event_rule.warmer.*.name)
+  rule      = aws_cloudwatch_event_rule.warmer[0].name
   target_id = "Lambda"
-  arn       = "${var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn}"
+  arn       = var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn
 
   input = <<JSON
 {
@@ -225,28 +214,13 @@ JSON
 
 # -----------------------------------------------------------------
 # ENABLE CLOUDWATCH EVENT AS LAMBDA FUNCTION TRIGGER
-#   multiple resource blockss until 'null' parameter feature in Terraform v0.12.0
 # -----------------------------------------------------------------
 
-# function published - "qualifier" set to function version
-resource "aws_lambda_permission" "warmer_published" {
-  count = "${var.create_warmer_event ? var.lambda_publish_func ? 1 : 0 : 0}"
-
-  statement_id  = "AllowExecutionFromCloudWatch"
-  action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.sns_cloudwatchlog.function_name}"
-  principal     = "events.amazonaws.com"
-  source_arn    = "${aws_cloudwatch_event_rule.warmer.arn}"
-  qualifier     = "${aws_lambda_function.sns_cloudwatchlog.version}"
-}
-
-# function not published - dont specify "qualifier" parameter
-resource "aws_lambda_permission" "warmer" {
-  count = "${var.create_warmer_event ? var.lambda_publish_func ? 0 : 1 : 0}"
-
-  statement_id  = "AllowExecutionFromCloudWatch"
-  action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.sns_cloudwatchlog.function_name}"
-  principal     = "events.amazonaws.com"
-  source_arn    = "${aws_cloudwatch_event_rule.warmer.arn}"
+resource "aws_lambda_permission" "warmer_multi" {
+  statement_id = "AllowExecutionFromCloudWatch"
+  action = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.sns_cloudwatchlog.function_name
+  principal = "events.amazonaws.com"
+  source_arn = aws_cloudwatch_event_rule.warmer[0].arn
+  qualifier = var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.version : null
 }
diff --git a/outputs.tf b/outputs.tf
@@ -4,65 +4,66 @@
 
 output "lambda_name" {
   description = "Name assigned to Lambda Function."
-  value       = "${var.lambda_func_name}"
+  value       = var.lambda_func_name
 }
 
 output "lambda_arn" {
   description = "ARN of created Lambda Function."
-  value       = "${var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn  : aws_lambda_function.sns_cloudwatchlog.arn}"
+  value       = var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn
 }
 
 output "lambda_version" {
   description = "Latest published version of Lambda Function."
-  value       = "${aws_lambda_function.sns_cloudwatchlog.version}"
+  value       = aws_lambda_function.sns_cloudwatchlog.version
 }
 
 output "lambda_last_modified" {
   description = "The date Lambda Function was last modified."
-  value       = "${aws_lambda_function.sns_cloudwatchlog.last_modified}"
+  value       = aws_lambda_function.sns_cloudwatchlog.last_modified
 }
 
 output "lambda_iam_role_id" {
   description = "Lambda IAM Role ID."
-  value       = "${aws_iam_role.lambda_cloudwatch_logs.id}"
+  value       = aws_iam_role.lambda_cloudwatch_logs.id
 }
 
 output "lambda_iam_role_arn" {
   description = "Lambda IAM Role ARN."
-  value       = "${aws_iam_role.lambda_cloudwatch_logs.arn}"
+  value       = aws_iam_role.lambda_cloudwatch_logs.arn
 }
 
 output "sns_topic_name" {
   description = "Name of SNS Topic logging to CloudWatch Log."
-  value       = "${var.sns_topic_name}"
+  value       = var.sns_topic_name
 }
 
 output "sns_topic_arn" {
   description = "ARN of SNS Topic logging to CloudWatch Log."
-  value       = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
+  value       = var.create_sns_topic ? aws_sns_topic.sns_log_topic[0].arn : data.aws_sns_topic.sns_log_topic[0].arn
 }
 
 output "log_group_name" {
   description = "Name of CloudWatch Log Group."
-  value       = "${var.log_group_name}"
+  value       = var.log_group_name
 }
 
 output "log_group_arn" {
   description = "ARN of CloudWatch Log Group."
-  value       = "${var.create_log_group ? join("", aws_cloudwatch_log_group.sns_logged_item_group.*.arn) : join("", data.aws_cloudwatch_log_group.sns_logged_item_group.*.arn)}"
+  value       = var.create_log_group ? aws_cloudwatch_log_group.sns_logged_item_group[0].arn : data.aws_cloudwatch_log_group.sns_logged_item_group[0].arn
 }
 
 output "log_stream_name" {
   description = "Name of CloudWatch Log Stream."
-  value       = "${var.log_stream_name}"
+  value       = var.log_stream_name
 }
 
 output "log_stream_arn" {
   description = "ARN of CloudWatch Log Stream."
-  value       = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
+  value       = var.create_sns_topic ? aws_sns_topic.sns_log_topic[0].arn : data.aws_sns_topic.sns_log_topic[0].arn
 }
 
 output "cloudwatch_event_rule_arn" {
   description = "ARN of CloudWatch Trigger Event created to prevent hibernation."
-  value       = "${join("", aws_cloudwatch_event_rule.warmer.*.arn)}"
+  value       = aws_cloudwatch_event_rule.warmer[0].arn
 }
+