Merge pull request #8096 from ministryofjustice/feature/7607-core-sha…

…red-services-resolver-logs Log R53 resolver queries for `core-shared-services`
ministryofjustice · Sep 27, 2024 · 063c665 · 063c665
2 parents 6d6ac91 + 9bac5f8
commit 063c665
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/terraform/environments/core-shared-services/logging.tf b/terraform/environments/core-shared-services/logging.tf
@@ -0,0 +1,28 @@
+locals {
+  resolver_query_log_config_names = toset(["core-logging-rlq-cloudwatch", "core-logging-rlq-s3"])
+  vpc_ids                         = { for key, value in module.vpc : key => value["vpc_id"] if key == "live_data" }
+  rlq_ids                         = { for name, config in data.aws_route53_resolver_query_log_config.core_logging : name => config.id }
+  vpc_rlq_associations = merge([
+    for vpc_key, vpc_id in local.vpc_ids : {
+      for rlq_name, rlq_id in local.rlq_ids :
+      "${vpc_key}_${rlq_name}" => {
+        vpc_id = vpc_id
+        rlq_id = rlq_id
+      }
+    }
+  ]...)
+}
+
+data "aws_route53_resolver_query_log_config" "core_logging" {
+  for_each = local.resolver_query_log_config_names
+  filter {
+    name   = "Name"
+    values = [each.value]
+  }
+}
+
+resource "aws_route53_resolver_query_log_config_association" "core_logging" {
+  for_each                     = local.is-production ? local.vpc_rlq_associations : {}
+  resolver_query_log_config_id = each.value.rlq_id
+  resource_id                  = each.value.vpc_id
+}