feat: adding the abiltiy to define the retention, kms and ensuring ta…

…gs on all resources (#13) * feat: adding the abiltiy to define the retention, kms and ensuring tags on all resources * docs: amending the readme
appvia · May 20, 2024 · e238a7c · e238a7c
1 parent 92a59c2
commit e238a7c
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -89,6 +89,8 @@ The `slack` configuration can be sourced from AWS Secrets Manager, using the `va
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all resources | `map(string)` | n/a | yes |
 | <a name="input_allowed_aws_principals"></a> [allowed\_aws\_principals](#input\_allowed\_aws\_principals) | Optional, list of AWS accounts able to publish via the SNS topic (when creating topic) e.g 123456789012 | `list(string)` | `[]` | no |
 | <a name="input_allowed_aws_services"></a> [allowed\_aws\_services](#input\_allowed\_aws\_services) | Optional, list of AWS services able to publish via the SNS topic (when creating topic) e.g cloudwatch.amazonaws.com | `list(string)` | `[]` | no |
+| <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The KMS key id to use for encrypting the cloudwatch log group (default is none) | `string` | `null` | no |
+| <a name="input_cloudwatch_log_group_retention"></a> [cloudwatch\_log\_group\_retention](#input\_cloudwatch\_log\_group\_retention) | The retention period for the cloudwatch log group (for lambda function logs) in days | `string` | `"3"` | no |
 | <a name="input_create_sns_topic"></a> [create\_sns\_topic](#input\_create\_sns\_topic) | Whether to create an SNS topic for notifications | `bool` | `false` | no |
 | <a name="input_email"></a> [email](#input\_email) | The configuration for Email notifications | <pre>object({<br>    addresses = optional(list(string))<br>    # The email addresses to send notifications to<br>  })</pre> | `null` | no |
 | <a name="input_slack"></a> [slack](#input\_slack) | The configuration for Slack notifications | <pre>object({<br>    channel = optional(string)<br>    # The channel to post to <br>    lambda_name = optional(string, "slack-notify")<br>    # The name of the lambda function to create <br>    secret_name = optional(string)<br>    # An optional secret name in secrets manager to use for the slack configuration <br>    username = optional(string, ":aws: Notification")<br>    # The username to post as <br>    webhook_url = optional(string)<br>    # The webhook url to post to<br>  })</pre> | `null` | no |

diff --git a/main.tf b/main.tf
@@ -45,16 +45,21 @@ module "slack" {
   source  = "terraform-aws-modules/notify-slack/aws"
   version = "6.4.0"
 
-  create_sns_topic         = false
-  lambda_description       = "Lambda function to send slack notifications, for sns topic ${var.sns_topic_name}"
-  lambda_function_name     = var.slack.lambda_name
-  lambda_function_tags     = var.tags
-  recreate_missing_package = false
-  slack_channel            = local.slack_channel
-  slack_username           = local.slack_username
-  slack_webhook_url        = local.slack_webhook_url
-  sns_topic_name           = var.sns_topic_name
-  tags                     = var.tags
+  cloudwatch_log_group_kms_key_id        = var.cloudwatch_log_group_kms_key_id
+  cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention
+  cloudwatch_log_group_tags              = var.tags
+  create_sns_topic                       = false
+  iam_role_tags                          = var.tags
+  lambda_description                     = "Lambda function to send slack notifications, for sns topic ${var.sns_topic_name}"
+  lambda_function_name                   = var.slack.lambda_name
+  lambda_function_tags                   = var.tags
+  recreate_missing_package               = false
+  slack_channel                          = local.slack_channel
+  slack_username                         = local.slack_username
+  slack_webhook_url                      = local.slack_webhook_url
+  sns_topic_name                         = var.sns_topic_name
+  sns_topic_tags                         = var.tags
+  tags                                   = var.tags
 
   depends_on = [module.sns]
 }
diff --git a/variables.tf b/variables.tf
@@ -37,6 +37,18 @@ variable "sns_topic_policy" {
   default     = null
 }
 
+variable "cloudwatch_log_group_retention" {
+  description = "The retention period for the cloudwatch log group (for lambda function logs) in days"
+  type        = string
+  default     = "3"
+}
+
+variable "cloudwatch_log_group_kms_key_id" {
+  description = "The KMS key id to use for encrypting the cloudwatch log group (default is none)"
+  type        = string
+  default     = null
+}
+
 variable "slack" {
   description = "The configuration for Slack notifications"
   type = object({