From 0e42054dd8536c0397b41b827b05639d217c7091 Mon Sep 17 00:00:00 2001
From: Sandeep Mandala
Date: Wed, 20 Jan 2021 15:28:20 -0800
Subject: [PATCH 1/2] enable clouldwatch log exports for aurora postgresql
---
 aws-aurora-postgres/main.tf | 1 +
 aws-redis-replication-group/README.md | 12 ++++++------
 aws-s3-public-bucket/README.md | 2 ++
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/aws-aurora-postgres/main.tf b/aws-aurora-postgres/main.tf
index 73453abe..6f0c85bc 100755
--- a/aws-aurora-postgres/main.tf
+++ b/aws-aurora-postgres/main.tf
@@ -26,6 +26,7 @@ module "aurora" {
 rds_cluster_parameters = var.rds_cluster_parameters
 iam_database_authentication_enabled = var.iam_database_authentication_enabled
 performance_insights_enabled = var.performance_insights_enabled
+ enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery", "postgresql"]
 ca_cert_identifier = var.ca_cert_identifier
 auto_minor_version_upgrade = var.auto_minor_version_upgrade
diff --git a/aws-redis-replication-group/README.md b/aws-redis-replication-group/README.md
index 4dfc50b3..23831edc 100644
--- a/aws-redis-replication-group/README.md
+++ b/aws-redis-replication-group/README.md
@@ -20,14 +20,14 @@ a replication group with the given parameters.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| at\_rest\_encryption\_enabled | Whether to enable encryption at rest. | `bool` | `false` | no |
 | apply\_immediately | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no |
-| availability\_zone | Availability zone in which this instance should run. | `string` | `null` | no |
+| at\_rest\_encryption\_enabled | Whether to enable encryption at rest. Default: false. | `bool` | `false` | no |
+| availability\_zones | Availability zone in which this instance should run. | `list(string)` | `null` | no |
 | engine\_version | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no |
 | env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
 | ingress\_security\_group\_ids | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes |
 | instance\_type | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no |
-| number_cache_clusters | Number of cache clusters. | `number` | 1 | no |
+| number\_cache\_clusters | Number of cache clusters. Default 1. | `number` | `1` | no |
 | owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
 | parameter\_group\_name | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no |
 | port | Port to host Redis on. | `number` | `6379` | no |
@@ -36,15 +36,15 @@ a replication group with the given parameters.
 | resource\_name | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no |
 | service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no |
 | subnets | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes |
-| transit\_encryption\_enabled | Whether to enable encryption in transit. | `bool` | `false` | no |
+| transit\_encryption\_enabled | Whether to enable encryption in transit. Default: false. | `bool` | `false` | no |
 | vpc\_id | VPC where the cache will be deployed. | `string` | n/a | yes |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| primary_endpoint_address | The endpoint of the primary node in this node group (shard). |
-| configuration_endpoint_address | The configuration endpoint address to allow host discovery. |
+| configuration\_endpoint\_address | The configuration endpoint address to allow host discovery. |
 | port | Redis TCP port. |
+| primary\_endpoint\_address | The endpoint of the primary node in this node group (shard). |
diff --git a/aws-s3-public-bucket/README.md b/aws-s3-public-bucket/README.md
index 7abe9c1b..55843c4a 100644
--- a/aws-s3-public-bucket/README.md
+++ b/aws-s3-public-bucket/README.md
@@ -19,10 +19,12 @@
 | bucket\_contents | Describe the data within this bucket. | `string` | n/a | yes |
 | bucket\_name | The name of the bucket. Note that `-public` will be appended to `bucket_name`s that don't contain a `public` substring. This module will output the computed `bucket_name`. | `string` | n/a | yes |
 | bucket\_policy | A policy to attach to this bucket. | `string` | `""` | no |
+| enable\_versioning | Keep old versions of objects in this bucket. | `bool` | `true` | no |
 | env | Env for tagging and naming. | `string` | n/a | yes |
 | owner | Owner for tagging and naming. | `string` | n/a | yes |
 | project | Project for tagging and naming. | `string` | n/a | yes |
 | public\_read\_justification | Describe why this bucket must be public and what it is being used for. | `string` | n/a | yes |
+| require\_tls | Require TLS to read objects from this bucket. | `bool` | `true` | no |
 | service | Service for tagging and naming. | `string` | n/a | yes |
 ## Outputs
From e4c3a6c67319ffc68a4bd86554e5951a41a20073 Mon Sep 17 00:00:00 2001
From: Sandeep Mandala
Date: Wed, 20 Jan 2021 15:50:13 -0800
Subject: [PATCH 2/2] only postgresql logs are supported for aurora postgresql
---
 aws-aurora-postgres/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws-aurora-postgres/main.tf b/aws-aurora-postgres/main.tf
index 6f0c85bc..4e4dec7e 100755
--- a/aws-aurora-postgres/main.tf
+++ b/aws-aurora-postgres/main.tf
@@ -26,7 +26,7 @@ module "aurora" {
 rds_cluster_parameters = var.rds_cluster_parameters
 iam_database_authentication_enabled = var.iam_database_authentication_enabled
 performance_insights_enabled = var.performance_insights_enabled
- enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery", "postgresql"]
+ enabled_cloudwatch_logs_exports = ["postgresql"]
 ca_cert_identifier = var.ca_cert_identifier
 auto_minor_version_upgrade = var.auto_minor_version_upgrade
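Review bot: `enabled_cloudwatch_logs_exports = ["postgresql"]` is a hard-coded literal in the `module "aurora"` call, while every neighbouring argument in this hunk is passed through a `var.*` input, so callers of the module cannot adjust the export list and the setting will not show up in the module's inputs table; the same applies to the PATCH 1/2 hunk that introduced the line. I would pass it as `enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports` and declare that variable as `list(string)` with default `["postgresql"]`, which keeps the export on unless a caller deliberately changes it. Exporting only ships what the engine writes, so what actually reaches CloudWatch depends on `var.rds_cluster_parameters` (for example `log_statement` and `log_connections`), and statement logs can carry query literals; a comment next to the argument should say which parameters the export is expected to be paired with and that the destination log group needs a deliberate retention and encryption setting. The `module "aurora"` block starts and ends outside the hunk and the variables file is not part of this patch, so whether such a variable or log-group configuration already exists is not visible here.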