Merge pull request #31 from kunduso/create-amazon-elasticache

Enable logging for the ElastiCache cluster
kunduso · Nov 10, 2023 · d5bce60 · d5bce60
2 parents 308358d + 988abdf
commit d5bce60
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 8 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -105,7 +105,6 @@ jobs:
       run: |
         terraform plan -no-color -input=false \
         -out=TFplan.JSON
-      continue-on-error: true
 
     # Generate an Infracost diff and save it to a JSON file.
     - name: Generate Infracost diff

diff --git a/cloudwatch.tf b/cloudwatch.tf
@@ -0,0 +1,10 @@
+resource "aws_cloudwatch_log_group" "slow_log" {
+  name              = "/elasticache/${var.replication_group_id}/slow-log"
+  retention_in_days = 365
+  kms_key_id        = aws_kms_key.encrytion_rest.id
+}
+resource "aws_cloudwatch_log_group" "engine_log" {
+  name              = "/elasticache/${var.replication_group_id}/engine-log"
+  retention_in_days = 365
+  kms_key_id        = aws_kms_key.encrytion_rest.id
+}
diff --git a/elasticache.tf b/elasticache.tf
@@ -28,7 +28,7 @@ resource "aws_secretsmanager_secret_version" "auth" {
 resource "aws_elasticache_replication_group" "app4" {
   automatic_failover_enabled = true
   subnet_group_name          = aws_elasticache_subnet_group.elasticache_subnet.name
-  replication_group_id       = "app-4-redis-cluster"
+  replication_group_id       = var.replication_group_id
   description                = "ElastiCache cluster for app4"
   node_type                  = "cache.t2.small"
   parameter_group_name       = "default.redis7.cluster.on"
@@ -41,6 +41,18 @@ resource "aws_elasticache_replication_group" "app4" {
   transit_encryption_enabled = true
   auth_token                 = aws_secretsmanager_secret_version.auth.secret_string
   security_group_ids         = [aws_security_group.elasticache.id]
+  log_delivery_configuration {
+    destination      = aws_cloudwatch_log_group.slow_log.name
+    destination_type = "cloudwatch-logs"
+    log_format       = "json"
+    log_type         = "slow-log"
+  }
+  log_delivery_configuration {
+    destination      = aws_cloudwatch_log_group.engine_log.name
+    destination_type = "cloudwatch-logs"
+    log_format       = "json"
+    log_type         = "engine-log"
+  }
   lifecycle {
     ignore_changes = [kms_key_id]
   }

diff --git a/variable.tf b/variable.tf
@@ -1,34 +1,40 @@
 #Define AWS Region
 variable "region" {
-  description = "Infrastructure region"
+  description = "AWS Cloud infrastructure region."
   type        = string
   default     = "us-east-2"
 }
 #Define IAM User Access Key
 variable "access_key" {
-  description = "The access_key that belongs to the IAM user"
+  description = "The access_key that belongs to the IAM user."
   type        = string
   sensitive   = true
   default     = ""
 }
 #Define IAM User Secret Key
 variable "secret_key" {
-  description = "The secret_key that belongs to the IAM user"
+  description = "The secret_key that belongs to the IAM user."
   type        = string
   sensitive   = true
   default     = ""
 }
 variable "vpc_cidr" {
-  description = "the vpc cidr"
+  description = "CIDR for the VPC."
   default     = "10.20.32.0/25"
 }
 variable "subnet_cidr_private" {
-  description = "cidr blocks for the private subnets"
+  description = "CIDR blocks for the private subnets."
   default     = ["10.20.32.0/27", "10.20.32.32/27", "10.20.32.64/27"]
   type        = list(any)
 }
 variable "subnet_cidr_public" {
-  description = "cidr blocks for the public subnets"
+  description = "CIDR blocks for the public subnets."
   default     = ["10.20.32.96/27"]
   type        = list(any)
+}
+
+variable "replication_group_id" {
+  description = "The name of the ElastiCache replication group."
+  default     = "app-4-redis-cluster"
+  type        = string
 }