A Terraform module to create and manage Google Project Logging Sinks.
This module supports Terraform version 1 and is compatible with the Terraform AWS Provider version 4.1. and 5.
This module is part of our Infrastructure as Code (IaC) framework that enables our users and customers to easily deploy and manage reusable, secure, and production-grade cloud infrastructure.
- Module Features
- Getting Started
- Module Argument Reference
- Module Outputs
- External Documentation
- Module Versioning
- About Mineiros
- Reporting Issues
- Contributing
- Makefile Targets
- License
This module implements the following Terraform resources:
- google_logging_project_sink
Most common usage of the module:
module "terraform-google-logging-sink" {
  source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"

  name        = "my-pubsub-instance-sink"
  destination = "pubsub.googleapis.com/projects/my-project/topics/instance-activity"
}
See variables.tf and examples/ for details and use-cases.
- name: (Required string)
  The name of the logging sink.
- destination: (Required string)
  The destination of the sink (or, in other words, where logs are written to).
  Can be a Cloud Storage bucket, a PubSub topic, a BigQuery dataset or a Cloud Logging bucket.
  Examples:
  "storage.googleapis.com/[GCS_BUCKET]"
  "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]"
  "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]"
  "logging.googleapis.com/projects/[PROJECT_ID]/locations/global/buckets/[BUCKET_ID]"
  The writer associated with the sink must have access to write to the above resource.
- filter: (Optional string)
  The filter to apply when exporting logs. Only log entries that match the filter are exported.
  See Advanced Log Filters for information on how to write a filter.
- description: (Optional string)
  A description of this sink. The maximum length of the description is 8000 characters.
- disabled: (Optional bool)
  If set to true, then this sink is disabled and it does not export any log entries.
- project: (Optional string)
  The ID of the project to create the sink in.
  If omitted and either var.organization or var.folder are present, no project logging sink is created.
  If omitted and both var.organization and var.folder are omitted, the project associated with the provider is used.
- unique_writer_identity: (Optional bool)
  Whether or not to create a unique identity associated with this sink.
  If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com.
  If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects or utilize bigquery_options, you must set unique_writer_identity to true.
  Default is null.
- use_partitioned_tables: (Optional bool)
  Whether to use BigQuery's partitioned tables.
  By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.
  Default is null.
- exclusions: (Optional list(exclusion))
  Log entries that match any of the exclusion filters will not be exported.
  If a log entry is matched by both filter and one of exclusion_filters it will not be exported. Can be repeated multiple times for multiple exclusions.
  Default is [].
  Each exclusion object in the list accepts the following attributes:
  - name: (Required string)
    A client-assigned identifier, such as load-balancer-exclusion.
    Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.
  - description: (Optional string)
    A description of this exclusion.
  - filter: (Required string)
    An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries.
    See Advanced Log Filters for information on how to write a filter.
  - disabled: (Optional bool)
    If set to true, then this exclusion is disabled and it does not exclude any log entries.
- folder: (Optional string)
  The ID of the folder to create the sink in.
  If omitted, no folder logging sink is created.
  If provided along with var.project, only the project logging sink is created.
  Default is null.
- organization: (Optional string)
  The ID of the organization to create the sink in.
  If omitted, no organization logging sink is created.
  If provided along with var.project, only the project logging sink is created.
  If provided along with var.folder, the folder logging sink is created instead.
  Default is null.
- include_children: (Optional bool)
  Whether or not to include child projects in the sink export.
  If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder or organization are included.
  Default is null.
- module_enabled: (Optional bool)
  Specifies whether resources in the module will be created.
  Default is true.
- module_depends_on: (Optional list(dependency))
  A list of dependencies. Any object can be assigned to this list to define a hidden external dependency.
  Default is [].
  Example:
  module_depends_on = [ null_resource.name ]
The following attributes are exported in the outputs of the module:
- project_sink: (list(object))
  All attributes of the created google_logging_project_sink resource.
- folder_sink: (list(object))
  All attributes of the created google_logging_folder_sink resource.
- organization_sink: (list(object))
  All attributes of the created google_logging_organization_sink resource.
- module_enabled: (bool)
  Whether this module is enabled.
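The destination argument requires that the sink's writer can write to the target, and unique_writer_identity gives each sink its own service account. The following added example (not from the module's own documentation) exports Cloud Audit Logs to a Pub/Sub topic, excludes Data Access entries, and grants only the sink's writer identity publish rights on that topic. The project, topic and sink names are placeholders, and reading writer_identity from the project_sink output assumes the output exposes the resource attributes as described above.

```hcl
# Added example; names such as "my-project" and "audit-log-export" are placeholders.
resource "google_pubsub_topic" "audit" {
  project = "my-project"
  name    = "audit-log-export"
}

module "audit_sink" {
  source = "git@github.com:mineiros-io/terraform-google-logging-sink.git?ref=v0.0.1"

  project     = "my-project"
  name        = "audit-log-sink"
  description = "Exports Cloud Audit Logs to Pub/Sub"

  # google_pubsub_topic.id has the form projects/<project>/topics/<name>
  destination = "pubsub.googleapis.com/${google_pubsub_topic.audit.id}"

  # Only audit log entries are exported.
  filter = "logName:\"cloudaudit.googleapis.com\""

  # Dedicated service account for this sink instead of the shared
  # cloud-logs@system.gserviceaccount.com identity.
  unique_writer_identity = true

  exclusions = [
    {
      name        = "data-access-exclusion"
      description = "Drop Data Access audit logs from this export"
      filter      = "logName:\"cloudaudit.googleapis.com%2Fdata_access\""
      disabled    = false
    }
  ]
}

locals {
  # Assumption: the output carries the sink's writer_identity attribute.
  # The splat plus one() works whether the output is an object or a list.
  sink_writer = one(module.audit_sink.project_sink[*].writer_identity)
}

# Least privilege: only this sink's identity may publish to the topic.
resource "google_pubsub_topic_iam_member" "sink_writer" {
  project = google_pubsub_topic.audit.project
  topic   = google_pubsub_topic.audit.name
  role    = "roles/pubsub.publisher"
  member  = local.sink_writer
}
```

Without the IAM binding the sink is created successfully but its exports to the topic are rejected, so the grant belongs in the same configuration as the sink.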
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
- https://www.terraform.io/docs/providers/aws/r/iam_role.html
- https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html
- https://www.terraform.io/docs/providers/aws/r/iam_role_policy_attachment.html
- https://www.terraform.io/docs/providers/aws/r/iam_instance_profile.html
This Module follows the principles of Semantic Versioning (SemVer).
Given a version number MAJOR.MINOR.PATCH, we increment the:
- MAJOR version when we make incompatible changes,
- MINOR version when we add functionality in a backwards compatible manner, and
- PATCH version when we make backwards compatible bug fixes.

- Backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
- Backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)
Mineiros is a remote-first company headquartered in Berlin, Germany that solves development, automation and security challenges in cloud infrastructure.
Our vision is to massively reduce time and overhead for teams to manage and deploy production-grade and secure cloud infrastructure.
We offer commercial support for all of our modules and encourage you to reach out if you have any questions or need help. Feel free to email us at hello@mineiros.io or join our Community Slack channel.
We use GitHub Issues to track community reported issues and missing features.
Contributions are always encouraged and welcome! For the process of accepting changes, we use Pull Requests. If you'd like more information, please see our Contribution Guidelines.
This repository comes with a handy Makefile.
Run make help to see details on each available target.
This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.
Copyright © 2020-2022 Mineiros GmbH