diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 93df829..f621e0a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,8 +12,8 @@
 "version": "latest"
 },
 "ghcr.io/devcontainers/features/terraform:1": {
- "version": "1.6.2",
- "tflint": "0.48.0",
+ "version": "1.9.0",
+ "tflint": "0.51.1",
 "installTFsec": "true",
 "installTerraformDocs": "true"
 },
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 1337d27..8cc74ea 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,33 +1,33 @@ -repos: - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.89.1 - hooks: - - id: terraform_fmt - - id: terraform_validate - - id: terraform_docs - args: - - '--args=--lockfile=false' - - id: terraform_tflint - args: - - '--args=--only=terraform_deprecated_interpolation' - - '--args=--only=terraform_deprecated_index' - - '--args=--only=terraform_unused_declarations' - - '--args=--only=terraform_comment_syntax' - - '--args=--only=terraform_documented_outputs' - - '--args=--only=terraform_documented_variables' - - '--args=--only=terraform_typed_variables' - - '--args=--only=terraform_module_pinned_source' - - '--args=--only=terraform_naming_convention' - - '--args=--only=terraform_required_version' - - '--args=--only=terraform_required_providers' - - '--args=--only=terraform_standard_module_structure' - - '--args=--only=terraform_workspace_remote' - - id: terraform_checkov - args: - - --args=--quiet - - --args=--skip-check CKV_AWS_116,CKV_AWS_117,CKV_AWS_173,CKV_AWS_272 - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 - hooks: - - id: check-merge-conflict - - id: end-of-file-fixer +repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.92.0 + hooks: + - id: terraform_fmt + - id: terraform_validate + - id: terraform_docs + args: + - '--args=--lockfile=false' + - id: terraform_tflint + args: + - '--args=--only=terraform_deprecated_interpolation' + - '--args=--only=terraform_deprecated_index' + - '--args=--only=terraform_unused_declarations' + - '--args=--only=terraform_comment_syntax' + - '--args=--only=terraform_documented_outputs' + - '--args=--only=terraform_documented_variables' + - '--args=--only=terraform_typed_variables' + - '--args=--only=terraform_module_pinned_source' + - '--args=--only=terraform_naming_convention' + - '--args=--only=terraform_required_version' + - '--args=--only=terraform_required_providers' + - '--args=--only=terraform_standard_module_structure' + - 
'--args=--only=terraform_workspace_remote' + - id: terraform_checkov + args: + - --args=--quiet + - --args=--skip-check CKV_AWS_116,CKV_AWS_117,CKV_AWS_173,CKV_AWS_272 + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + - id: check-merge-conflict + - id: end-of-file-fixer diff --git a/README.md b/README.md index 399fda4..7f2ddf8 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,26 @@ This module deploys a Lambda function that checks the health of MSK cluster and sends a notification if a cluster is unhealthy. +If the target for `ok_actions`, `alarm_actions` or `insufficient_data_actions` is an SNS topic using a KMS key, ensure +that CloudWatch Alarms has sufficient permissions to publish messages. +For example: +```shell +statement { + sid = "Allow access for CloudWatch Alarms" + effect = "Allow" + principals { + type = "Service" + identifiers = ["cloudwatch.amazonaws.com"] + } + actions = [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] + resources = ["*"] + + } +``` + ## Requirements 
@@ -49,15 +69,18 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [alarm\_actions](#input\_alarm\_actions) | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). Default is `null`. | `list(string)` | `null` | no | | [cloudwatch\_alarms\_treat\_missing\_data](#input\_cloudwatch\_alarms\_treat\_missing\_data) | Sets how the alarms handle missing data points. The following values are supported: `missing`, `ignore`, `breaching` and `notBreaching`. Default is `breaching`. | `string` | `"breaching"` | no | | [cluster\_arns](#input\_cluster\_arns) | List of MSK cluster ARNs. Default is `[]`. | `list(string)` | `[]` | no | | [email](#input\_email) | List of e-mail addresses subscribing to the SNS topic. Default is `[]`. | `list(string)` | `[]` | no | | [enable\_cloudwatch\_alarms](#input\_enable\_cloudwatch\_alarms) | Setup CloudWatch alarms for the MSK clusters state. For each state a separate alarm will be created. Default is `false`. | `bool` | `false` | no | | [enable\_sns\_notifications](#input\_enable\_sns\_notifications) | Setup SNS notifications for the MSK clusters state. Default is `false`. | `bool` | `false` | no | | [ignore\_states](#input\_ignore\_states) | Suppress warnings for the listed MSK states. Default: ['MAINTENANCE'] | `list(string)` |
[
"MAINTENANCE"
]
| no | +| [insufficient\_data\_actions](#input\_insufficient\_data\_actions) | The list of actions to execute when this alarm transitions into an INSUFFICIENT\_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). Default is `null`. | `list(string)` | `null` | no | | [log\_retion\_period\_in\_days](#input\_log\_retion\_period\_in\_days) | Number of days logs will be retained. Default is `365`. | `number` | `365` | no | | [memory\_size](#input\_memory\_size) | Amount of memory in MByte that the Lambda function can use at runtime. Default is `160`. | `number` | `160` | no | | [name](#input\_name) | Name of the health monitor. Default is `msk_status_monitor`. | `string` | `"msk_status_monitor"` | no | +| [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | `list(string)` | `null` | no | | [schedule\_expression](#input\_schedule\_expression) | The schedule expression for the CloudWatch event rule. Default is `rate(5 minutes)`. | `string` | `"rate(5 minutes)"` | no | | [tags](#input\_tags) | A map of tags to add to all resources. Default is `{}`. | `map(string)` | `{}` | no | diff --git a/examples/01_default_configuration/README.md b/examples/01_default_configuration/README.md index 9ebd40f..8601156 100644 --- a/examples/01_default_configuration/README.md +++ b/examples/01_default_configuration/README.md @@ -7,8 +7,8 @@ Create a basic MSK status monitor. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | ~>1.8 | -| [aws](#requirement\_aws) | ~>5.32 | +| [terraform](#requirement\_terraform) | ~>1.9 | +| [aws](#requirement\_aws) | ~>5.59 | ## Providers diff --git a/examples/01_default_configuration/versions.tf b/examples/01_default_configuration/versions.tf index f91af38..0a1249d 100644 --- a/examples/01_default_configuration/versions.tf 
+++ b/examples/01_default_configuration/versions.tf @@ -1,9 +1,9 @@ terraform { - required_version = "~>1.8" + required_version = "~>1.9" required_providers { aws = { source = "hashicorp/aws" - version = "~>5.32" + version = "~>5.59" } } } diff --git a/main.tf b/main.tf index c2c7687..f830eeb 100644 --- a/main.tf +++ b/main.tf @@ -178,9 +178,9 @@ resource "aws_cloudwatch_metric_alarm" "this" { statistic = "Average" threshold = 0 treat_missing_data = var.cloudwatch_alarms_treat_missing_data - alarm_actions = [] - insufficient_data_actions = [] - # TODO: ok_actions = [var.sns_topic_alarms_arn] + ok_actions = var.ok_actions + alarm_actions = var.alarm_actions + insufficient_data_actions = var.insufficient_data_actions dimensions = { ClusterName = each.key } diff --git a/variables.tf b/variables.tf index 417a927..1399beb 100644 --- a/variables.tf +++ b/variables.tf @@ -26,6 +26,24 @@ variable "cloudwatch_alarms_treat_missing_data" { } } +variable "alarm_actions" { + description = "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). Default is `null`." + type = list(string) + default = null +} + +variable "insufficient_data_actions" { + description = "The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). Default is `null`." + type = list(string) + default = null +} + +variable "ok_actions" { + description = "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN)." + type = list(string) + default = null +} + variable "enable_sns_notifications" { description = "Setup SNS notifications for the MSK clusters state. Default is `false`." type = bool
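Review bot: The three action lists on the new lines of the `aws_cloudwatch_metric_alarm` hunk in main.tf are now caller-supplied, but nothing next to them records that an SNS target encrypted with a customer-managed KMS key needs a key-policy grant for `cloudwatch.amazonaws.com`; `terraform apply` succeeds without that grant and the failure only surfaces when the alarm tries to publish. The README added in this commit documents the grant, so a one-line pointer beside the assignments keeps the requirement discoverable from the code, e.g. `# SNS targets using a CMK need the key-policy grant described in README.md (cloudwatch.amazonaws.com -> kms:Decrypt, kms:GenerateDataKey)`. That README sample grants the service principal on `resources = ["*"]` with no condition; adding a `Condition` on `aws:SourceAccount` (or `aws:SourceArn`) so only alarms in this account can use the key is the usual confused-deputy guard for service-principal statements. The removed TODO referenced `var.sns_topic_alarms_arn`; if the module creates its own topic under `enable_sns_notifications`, the variable descriptions should say whether callers are expected to pass that topic's ARN here, which I cannot tell from the hunk. The `resource` block starts and ends outside the hunk.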
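Review bot: The `ok_actions` description on the new lines of the variables.tf hunk omits the closing "Default is `null`." sentence that `alarm_actions` and `insufficient_data_actions` carry, and the same gap appears in the README row this commit adds; the `terraform_docs` pre-commit hook regenerates that table from these descriptions, so fixing it here fixes both. More substantively, the three variables default to `null` while the module's other list inputs (`cluster_arns`, `email`) default to `[]` and main.tf previously used `[]` literals; the resource accepts either, but the null-versus-empty policy should be one or the other across the module, e.g. `default = []` with "Default is `[]`." in each description. None of the three carries a `validation` block, so a non-ARN string is only rejected by the API at apply time; a `can(regex("^arn:", a))` check over each list would surface typos at plan time. The hunk cuts into `variable "enable_sns_notifications"` at its end.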