Fix aws logs stream error

ewilde · ewilde · commit b2bf130d5bb7 · 2018-11-29T11:21:24.000Z
1. Add terraform.tfvars description
2. Fix issue with awslogs stream

Signed-off-by: Edward Wilde &lt;ewilde@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -22,27 +22,45 @@ terraform --version
 You will need to create a new file in the root of this repo called `terraform.tfvars`
 which configures variables used to install `faas-ecs`  
 
-|Name|Description|
-|----|-----------|
-|aws_region|The aws region to create the openfaas ecs cluster in|
-|debug| `1` to create an ec2 bastion in the external subnet and a test instance in the internal subnet|
-|developer_ip| your ip address, used to whitelist incoming ssh to bastion|
+| Name                | Description                                                                                                                      |
+|---------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| acme_enabled        | (Recommend)`1` to use the official [acme]() terraform provider to create TLS certificates. Defaults to `0`                       |
+| acme_email_address  | (Recommend) Email address used to register TLS account, used in conjunction with `acme_enabled`                                  |
+| aws_region          | (Required) The aws region to create the openfaas ecs cluster in                                                                  |
+| alb_logs_bucket     | (Required) S3 bucket to store alb logs                                                                                           |
+| debug               | (Optional) `1` to create an ec2 bastion in the external subnet and a test instance in the internal subnet. Defaults to `0`       |
+| developer_ip        | your ip address, used to whitelist incoming ssh to the bastion, debug is enabled                                                 |
+| route53_zone_name   | (Recommended) a route 53 zone to create DNS records for the OpenFaaS gateway, i.e. openfaas.example.com, requires `acme_enabled` |
+| self_signed_enabled | (Not recommended) Use a self-signed TLS certificate for the OpenFaaS gateway if not using `acme_enabled`. Defaults to `0`        |
+
+
 
 **_Example file_**
 ```
 cat > ./terraform.tfvars <<EOF
-aws_region   = "eu-west-1"
-debug        = "0"
-developer_ip = "217.46.68.185"
+acme_enabled           = "1"
+acme_email_address     = "ewilde@gmail.com"
+alb_logs_bucket        = "ewilde-logs"
+aws_region             = "eu-west-1"
+debug                  = "1"
+developer_ip           = "31.53.195.58"
+route53_zone_name      = "openfaas.edwardwilde.com"
+self_signed_enabled    = "0"
 EOF
 ```
 3. **Create a public key for ssh**
 
-Ssh access is only required if `debug = "1"`, however the ssh key is still required for the 
+> Ssh access is only required if `debug = "1"`, however the ssh key is still required for the 
 install to work even if debug disabled. To create the key run:
 
 `make keys`
 
+4. Create bucket for alb logs
+If you don't already have a bucket, please create the bucket you listed in your `terraform.tfvars` in the variable
+`alb_logs_bucket`
+
+i.e. `aws s3api create-bucket --bucket ewilde-logs --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1`
+
 4. **Run terraform**
 
 `make`
diff --git a/alb-acme.tf b/alb-acme.tf
@@ -32,7 +32,8 @@ resource "aws_iam_server_certificate" "acme" {
 }
 
 data "aws_route53_zone" "main" {
-    name  = "${var.acme_domain_name}"
+    name  = "${var.route53_zone_name}"
+    count = "${var.acme_enabled}"
 }
 
 resource "aws_route53_record" "main" {
diff --git a/gateway.tf b/gateway.tf
@@ -86,6 +86,7 @@ resource "aws_ecs_task_definition" "gateway" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.gateway_log.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "gateway-"
         }
       },
       "healthCheck": {
@@ -126,6 +127,7 @@ resource "aws_ecs_task_definition" "gateway" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.gateway_log_fargate_provider.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "provider-"
         }
       },
       "healthCheck": {
@@ -153,6 +155,7 @@ resource "aws_ecs_task_definition" "gateway" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.gateway_log_kms.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "kms-template-"
         }
       },
       "healthCheck": {
diff --git a/nats.tf b/nats.tf
@@ -43,6 +43,7 @@ resource "aws_ecs_task_definition" "nats" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.nats.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "nats-"
         }
     },
     "healthCheck": {
@@ -90,6 +91,7 @@ resource "aws_ecs_task_definition" "nats" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.nats_queue_worker.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "queue-worker-"
         }
     },
     "healthCheck": {
diff --git a/output.tf b/output.tf
@@ -15,13 +15,13 @@ output "alb_uri" {
 }
 
 output "openfass_uri" {
-    value = "https://${aws_lb.openfaas.dns_name}"
+    value = "https://gateway.${var.route53_zone_name}/ui/"
 }
 
 output "login" {
     value = "echo -n \"${random_string.basic_auth_password.result}\" | faas-cli login --gateway https://${aws_lb.openfaas.dns_name} --username=admin --password-stdin --tls-no-verify"
 }
 
 output "login_secure" {
-    value = "echo -n \"${random_string.basic_auth_password.result}\" | faas-cli login --gateway https://gateway.${var.acme_domain_name} --username=admin --password-stdin"
+    value = "echo -n \"${random_string.basic_auth_password.result}\" | faas-cli login --gateway https://gateway.${var.route53_zone_name} --username=admin --password-stdin"
 }
diff --git a/service-internal-with-lb/main.tf b/service-internal-with-lb/main.tf
@@ -91,6 +91,7 @@ resource "aws_ecs_task_definition" "main" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.main.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "${var.name}-"
         }
     },
     "healthCheck": {
diff --git a/service-internal/main.tf b/service-internal/main.tf
@@ -60,6 +60,7 @@ resource "aws_ecs_task_definition" "main" {
         "options": {
           "awslogs-group": "${aws_cloudwatch_log_group.main.name}",
           "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "${var.name}-"
         }
     },
     "healthCheck": {
diff --git a/variables.tf b/variables.tf
@@ -45,8 +45,8 @@ variable "acme_email_address" {
     default = "nobody@example.com"
 }
 
-variable "acme_domain_name" {
-    default = ""
+variable "route53_zone_name" {
+    default = "foo"
 }
 
 variable "alb_logs_bucket" {}

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,8 @@ resource "aws_iam_server_certificate" "acme" {`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`data "aws_route53_zone" "main" {`
`35`		`- name = "${var.acme_domain_name}"`
	`35`	`+ name = "${var.route53_zone_name}"`
	`36`	`+ count = "${var.acme_enabled}"`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`resource "aws_route53_record" "main" {`
Original file line number	Diff line number	Diff line change
`@@ -15,13 +15,13 @@ output "alb_uri" {`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`output "openfass_uri" {`
`18`		`- value = "https://${aws_lb.openfaas.dns_name}"`
	`18`	`+ value = "https://gateway.${var.route53_zone_name}/ui/"`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`output "login" {`
`22`	`22`	`value = "echo -n \"${random_string.basic_auth_password.result}\" \| faas-cli login --gateway https://${aws_lb.openfaas.dns_name} --username=admin --password-stdin --tls-no-verify"`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`output "login_secure" {`
`26`		`- value = "echo -n \"${random_string.basic_auth_password.result}\" \| faas-cli login --gateway https://gateway.${var.acme_domain_name} --username=admin --password-stdin"`
	`26`	`+ value = "echo -n \"${random_string.basic_auth_password.result}\" \| faas-cli login --gateway https://gateway.${var.route53_zone_name} --username=admin --password-stdin"`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,7 @@ resource "aws_ecs_task_definition" "main" {`
`91`	`91`	`"options": {`
`92`	`92`	`"awslogs-group": "${aws_cloudwatch_log_group.main.name}",`
`93`	`93`	`"awslogs-region": "${var.aws_region}",`
	`94`	`+ "awslogs-stream-prefix": "${var.name}-"`
`94`	`95`	`}`
`95`	`96`	`},`
`96`	`97`	`"healthCheck": {`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ resource "aws_ecs_task_definition" "main" {`
`60`	`60`	`"options": {`
`61`	`61`	`"awslogs-group": "${aws_cloudwatch_log_group.main.name}",`
`62`	`62`	`"awslogs-region": "${var.aws_region}",`
	`63`	`+ "awslogs-stream-prefix": "${var.name}-"`
`63`	`64`	`}`
`64`	`65`	`},`
`65`	`66`	`"healthCheck": {`
Original file line number	Diff line number	Diff line change
`@@ -45,8 +45,8 @@ variable "acme_email_address" {`
`45`	`45`	`default = "[email protected]"`
`46`	`46`	`}`
`47`	`47`
`48`		`-variable "acme_domain_name" {`
`49`		`- default = ""`
	`48`	`+variable "route53_zone_name" {`
	`49`	`+ default = "foo"`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`variable "alb_logs_bucket" {}`