0.2.5 release

Author: robertpeteuil

README.md

@@ -30,7 +30,7 @@ This Lambda Function forwards subject & body of SNS messages to CloudWatch Log G
 ``` ruby
 module "sns_logger" {
   source            = "robertpeteuil/sns-to-cloudwatch-logs-lambda/aws"
-  version           = "0.2.3"
+  version           = "0.2.5"
 
   aws_region        = "us-west-2"
   sns_topic_name    = "projectx-logging"

main.tf

@@ -1,17 +1,16 @@
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # AWS SNS TO CLOUDWATCH LOGS LAMBDA GATEWAY
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 
-# Only tested on Terraform 0.11.1+
 terraform {
-  required_version = ">= 0.11.1"
+  required_version = "~> 0.11.7"
 }
 
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # CREATE LAMBDA FUNCTION - SNS TO CLOUDWATCH LOGS GATEWAY 
-#   environment variables used for the log_group and log_stream so they aren't hardcoded into the function
-#   function can be published (versioned) by setting the optional lambda_publish_func flag
-# -------------------------------------------------------------------------------------------------------------
+#   environment variables used for the 'log_group' and 'log_stream'
+#   function published if 'lambda_publish_func' set
+# -----------------------------------------------------------------
 
 resource "aws_lambda_function" "sns_cloudwatchlog" {
   function_name = "${var.lambda_func_name}"
@@ -36,72 +35,69 @@ resource "aws_lambda_function" "sns_cloudwatchlog" {
   }
 }
 
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # SNS TOPIC
-#   create new topic if create_sns_topic == true
-#     otherwise retrieve existing topic metadata
-#   topic arn used in "lambda_permssion" and "aws_sns_topic_subscription" 
-# -------------------------------------------------------------------------------------------------------------
+#   create new topic (if create_sns_topic set), else use existing topic
+#   arn referenced by "lambda_permssion" and "aws_sns_topic_subscription" 
+# -----------------------------------------------------------------
 
 # create if specified
 resource "aws_sns_topic" "sns_log_topic" {
   count = "${var.create_sns_topic ? 1 : 0}"
   name  = "${var.sns_topic_name}"
 }
 
-# find existing if not creating
+# retrieve topic if not created, arn referenced
 data "aws_sns_topic" "sns_log_topic" {
   count = "${var.create_sns_topic ? 0 : 1}"
   name  = "${var.sns_topic_name}"
 }
 
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # CLOUDWATCH LOG GROUP
-#   create new log_group if create_log_group == true
-# -------------------------------------------------------------------------------------------------------------
+#   create new log_group (if create_log_group set)
+# -----------------------------------------------------------------
 
 resource "aws_cloudwatch_log_group" "sns_logged_item_group" {
   count             = "${var.create_log_group ? 1 : 0}"
   name              = "${var.log_group_name}"
   retention_in_days = "${var.log_group_retention_days}"
 }
 
-# retrieve metadata for log group if no created, so arn can be included in outputs
+# retrieve log group if not created, arn included in outputs
 data "aws_cloudwatch_log_group" "sns_logged_item_group" {
   count = "${var.create_log_group ? 0 : 1}"
   name  = "${var.log_group_name}"
 }
 
-# -------------------------------------------------------------------------------------------------------------
-# CLOUDWATCH LOG STREAM IF create_log_stream == true
-#   stream created in log_group specified or created
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
+# CLOUDWATCH LOG STREAM
+#   created new log stream (if create_log_stream set)
+# -----------------------------------------------------------------
 
+# create stream in log_group previously created or specified
 resource "aws_cloudwatch_log_stream" "sns_logged_item_stream" {
   count          = "${var.create_log_stream ? 1 : 0}"
   name           = "${var.log_stream_name}"
   log_group_name = "${var.create_log_group ? join("", aws_cloudwatch_log_group.sns_logged_item_group.*.name) : var.log_group_name}"
 }
 
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # SUBSCRIBE LAMBDA FUNCTION TO SNS TOPIC
-#   Lambda function subscription to sns topic
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 
 resource "aws_sns_topic_subscription" "lambda" {
   topic_arn = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
   protocol  = "lambda"
-  endpoint  = "${var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn  : aws_lambda_function.sns_cloudwatchlog.arn}"
+  endpoint  = "${var.lambda_publish_func ? aws_lambda_function.sns_cloudwatchlog.qualified_arn : aws_lambda_function.sns_cloudwatchlog.arn}"
 }
 
-# -------------------------------------------------------------------------------------------------------------
-# ENABLE SNS TOPIC AS LAMBDA FUNCTION TRIGGER
-#   use multiple resource blocks as condition parameters aren't possible until Terraform v0.12.0
-# -------------------------------------------------------------------------------------------------------------
-
 # -----------------------------------------------------------------
-#   function published - "qualifier" parameter set to function version
+# ENABLE SNS TOPIC AS LAMBDA FUNCTION TRIGGER
+#   multiple resource blockss until 'null' parameter feature in Terraform v0.12.0
 # -----------------------------------------------------------------
+
+# function published - "qualifier" set to function version
 resource "aws_lambda_permission" "sns_cloudwatchlog_published" {
   count         = "${var.lambda_publish_func ? 1 : 0}"
   statement_id  = "AllowExecutionFromSNS"
@@ -112,9 +108,7 @@ resource "aws_lambda_permission" "sns_cloudwatchlog_published" {
   qualifier     = "${aws_lambda_function.sns_cloudwatchlog.version}"
 }
 
-# -----------------------------------------------------------------
-#   function not published - "qualifier" parameter not be set
-# -----------------------------------------------------------------
+# function not published - dont specify "qualifier" parameter
 resource "aws_lambda_permission" "sns_cloudwatchlog" {
   count         = "${var.lambda_publish_func ? 0 : 1}"
   statement_id  = "AllowExecutionFromSNS"
@@ -124,30 +118,24 @@ resource "aws_lambda_permission" "sns_cloudwatchlog" {
   source_arn    = "${var.create_sns_topic ? join("", aws_sns_topic.sns_log_topic.*.arn) : join("", data.aws_sns_topic.sns_log_topic.*.arn)}"
 }
 
-# -------------------------------------------------------------------------------------------------------------
+# -------------------------------------------------------------------------------------
 # CREATE IAM ROLE AND POLICIES FOR LAMBDA FUNCTION
-# -------------------------------------------------------------------------------------------------------------
+# -------------------------------------------------------------------------------------
 
-# -----------------------------------------------------------------
-#   Create base IAM role
-# -----------------------------------------------------------------
+# Create IAM role
 resource "aws_iam_role" "lambda_cloudwatch_logs" {
   name               = "lambda_${lower(var.lambda_func_name)}"
   assume_role_policy = "${data.aws_iam_policy_document.lambda_cloudwatch_logs.json}"
 }
 
-# -----------------------------------------------------------------
-#   Add policy enabling access to other AWS services
-# -----------------------------------------------------------------
+# Add base Lambda Execution policy
 resource "aws_iam_role_policy" "lambda_cloudwatch_logs_polcy" {
   name   = "lambda_${lower(var.lambda_func_name)}_policy"
   role   = "${aws_iam_role.lambda_cloudwatch_logs.id}"
   policy = "${data.aws_iam_policy_document.lambda_cloudwatch_logs_policy.json}"
 }
 
-# -----------------------------------------------------------------
-#   JSON POLICY - execution
-# -----------------------------------------------------------------
+# JSON POLICY - assume role
 data "aws_iam_policy_document" "lambda_cloudwatch_logs" {
   statement {
     actions = ["sts:AssumeRole"]
@@ -159,9 +147,7 @@ data "aws_iam_policy_document" "lambda_cloudwatch_logs" {
   }
 }
 
-# -----------------------------------------------------------------
-#   JSON POLICY - enable access to other AWS services
-# -----------------------------------------------------------------
+# JSON POLICY - base Lambda Execution policy
 data "aws_iam_policy_document" "lambda_cloudwatch_logs_policy" {
   statement {
     actions = [
@@ -174,13 +160,11 @@ data "aws_iam_policy_document" "lambda_cloudwatch_logs_policy" {
   }
 }
 
-# -------------------------------------------------------------------------------------------------------------
-# CREATE CLOUDWATCH TRIGGER EVENT TO PERIODICALLY CONTACT THE LAMBDA FUNCTION AND PREVENT IT FROM SUSPENDING
-# -------------------------------------------------------------------------------------------------------------
-
 # -----------------------------------------------------------------
-#   create cloudwatch event to run every 15 minutes
+# CREATE CLOUDWATCH EVENT TO PREVENT LAMBDA FUNCTION SUSPENSION
 # -----------------------------------------------------------------
+
+# create cloudwatch event to run every 15 minutes
 resource "aws_cloudwatch_event_rule" "warmer" {
   count = "${var.create_warmer_event ? 1 : 0}"
 
@@ -189,9 +173,7 @@ resource "aws_cloudwatch_event_rule" "warmer" {
   schedule_expression = "rate(15 minutes)"
 }
 
-# -----------------------------------------------------------------
-#   set event target as sns_to_cloudwatch_logs lambda function 
-# -----------------------------------------------------------------
+# set event target as sns_to_cloudwatch_logs lambda function 
 resource "aws_cloudwatch_event_target" "warmer" {
   count = "${var.create_warmer_event ? 1 : 0}"
 
@@ -208,14 +190,12 @@ resource "aws_cloudwatch_event_target" "warmer" {
 JSON
 }
 
-# -------------------------------------------------------------------------------------------------------------
-# ENABLE CLOUDWATCH EVENT AS LAMBDA FUNCTION TRIGGER
-#   use multiple resource blocks as condition parameters aren't possible until Terraform v0.12.0
-# -------------------------------------------------------------------------------------------------------------
-
 # -----------------------------------------------------------------
-#   function published - "qualifier" parameter set to function version
+# ENABLE CLOUDWATCH EVENT AS LAMBDA FUNCTION TRIGGER
+#   multiple resource blockss until 'null' parameter feature in Terraform v0.12.0
 # -----------------------------------------------------------------
+
+# function published - "qualifier" set to function version
 resource "aws_lambda_permission" "warmer_published" {
   count = "${var.create_warmer_event ? var.lambda_publish_func ? 1 : 0 : 0}"
 
@@ -227,9 +207,7 @@ resource "aws_lambda_permission" "warmer_published" {
   qualifier     = "${aws_lambda_function.sns_cloudwatchlog.version}"
 }
 
-# -----------------------------------------------------------------
-#   function not published - "qualifier" parameter not be set
-# -----------------------------------------------------------------
+# function not published - dont specify "qualifier" parameter
 resource "aws_lambda_permission" "warmer" {
   count = "${var.create_warmer_event ? var.lambda_publish_func ? 0 : 1 : 0}"
 

outputs.tf

@@ -1,9 +1,9 @@
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # AWS SNS TO CLOUDWATCH LOGS LAMBDA GATEWAY - OUTPUTS
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 
 output "lambda_name" {
-  description = "Name assigned to the Lambda Function."
+  description = "Name assigned to Lambda Function."
   value       = "${var.lambda_func_name}"
 }
 
@@ -18,7 +18,7 @@ output "lambda_version" {
 }
 
 output "lambda_last_modified" {
-  description = "The date the Lambda Function was last modified."
+  description = "The date Lambda Function was last modified."
   value       = "${aws_lambda_function.sns_cloudwatchlog.last_modified}"
 }
 

variables.tf

@@ -1,79 +1,75 @@
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 # REQUIRED VARIABLES WITHOUT DEFAULT VALUES
-# -------------------------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------
 
 variable aws_region {
   type        = "string"
-  description = "Region where AWS resources will be created and used."
+  description = "Region where AWS resources will be created."
 }
 
 variable sns_topic_name {
   type        = "string"
-  description = "Name of SNS Topic to be logged to CloudWatch Logs."
+  description = "Name of SNS Topic logging to CloudWatch Log."
 }
 
 variable log_group_name {
   type        = "string"
-  description = "Name of CloudWatch Log Group to create or use."
+  description = "Name of CloudWatch Log Group created or used (if previously created)."
 }
 
 variable log_stream_name {
   type        = "string"
-  description = "Name of CloudWatch Log Stream to create or use.  If using an existing stream, it must exist in the Log group specified in 'log_group_name'."
+  description = "Name of CloudWatch Log Stream created or used (if previously created).  If using an existing stream it must exist in the Log group specified in 'log_group_name'."
 }
 
-# -------------------------------------------------------------------------------------------------------------
-# VARIABLES DEFINITIONS WITH DEFAULT VALUES
-# -------------------------------------------------------------------------------------------------------------
-
 # -----------------------------------------------------------------
-# SNS, LOG GROUP, LOG STREAM
+# VARIABLES DEFINITIONS WITH DEFAULT VALUES
 # -----------------------------------------------------------------
 
+# SNS TOPIC, LOG GROUP, LOG STREAM
+
 variable create_sns_topic {
   default     = true
-  description = "Boolean flag that determines if SNS topic: 'sns_topic_name' is created. If 'false' it uses an existing topic of that name."
+  description = "Boolean flag that determines if SNS topic, 'sns_topic_name' is created. If 'false' it uses an existing topic of that name."
 }
 
 variable create_log_group {
   default     = true
-  description = "Boolean flag that determines if log group: 'log_group_name' is created.  If 'false' it uses an existing group of that name."
+  description = "Boolean flag that determines if log group, 'log_group_name' is created.  If 'false' it uses an existing group of that name."
 }
 
 variable create_log_stream {
   default     = true
-  description = "Boolean flag that determines if log stream: 'log_stream_name' is created. If 'false' it uses an existing stream of that name."
+  description = "Boolean flag that determines if log stream, 'log_stream_name' is created. If 'false' it uses an existing stream of that name."
 }
 
 variable log_group_retention_days {
   default     = 0
   description = "Number of days to retain data in the log group (0 = always retain)."
 }
 
-# -----------------------------------------------------------------
 # LAMBDA FUNCTION
-# -----------------------------------------------------------------
 
 variable lambda_func_name {
   type        = "string"
   default     = "SNStoCloudWatchLogs"
-  description = "Name to assign to the Lambda Function."
+  description = "Name to assign to Lambda Function."
 }
 
 variable lambda_description {
   type        = "string"
   default     = "Route SNS messages to CloudWatch Logs"
-  description = "Description to assign to the Lambda Function."
+  description = "Description to assign to Lambda Function."
 }
 
 variable lambda_publish_func {
   default     = false
-  description = "Boolean flag that determines if the Lambda function is published as a version."
+  description = "Boolean flag that determines if Lambda function is published as a version."
 }
 
 variable create_warmer_event {
   default     = false
-  description = "Boolean flag that determines if a CloudWatch Trigger event is created to prevent the Lambda function from suspending."
+  description = "Boolean flag that determines if a CloudWatch Trigger event is created to prevent Lambda function from suspending."
 }
 
 variable lambda_timeout {