From acf0d77b0da0bb264709aa9438b4830e7bc5e266 Mon Sep 17 00:00:00 2001 From: Alexei Mikhailov Date: Tue, 15 Oct 2024 10:07:17 +0300 Subject: [PATCH] feat: Support `cloudwatch_log_group_tags` parameter Similar to `security_group_tags`, sometimes it is necessary to configure additional tags on CloudWatch log groups only. --- README.md | 1 + examples/postgresql/main.tf | 4 ++++ main.tf | 2 +- variables.tf | 6 ++++++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 866829b..d553384 100644 --- a/README.md +++ b/README.md @@ -283,6 +283,7 @@ No modules. | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no | | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no | | [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no | +| [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | A mapping of tags to assign to CloudWatch log groups | `map(string)` | `{}` | no | | [cluster\_ca\_cert\_identifier](#input\_cluster\_ca\_cert\_identifier) | The CA certificate identifier to use for the DB cluster's server certificate. Currently only supported for multi-az DB clusters | `string` | `null` | no | | [cluster\_members](#input\_cluster\_members) | List of RDS Instances that are a part of this cluster | `list(string)` | `null` | no | | [cluster\_performance\_insights\_enabled](#input\_cluster\_performance\_insights\_enabled) | Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster | `bool` | `null` | no | diff --git a/examples/postgresql/main.tf b/examples/postgresql/main.tf index 64673db..e97d935 100644 --- a/examples/postgresql/main.tf +++ b/examples/postgresql/main.tf @@ -111,6 +111,10 @@ module "aurora" { enabled_cloudwatch_logs_exports = ["postgresql"] create_cloudwatch_log_group = true + cloudwatch_log_group_tags = { + Sensitivity = "high" + } + create_db_cluster_activity_stream = true db_cluster_activity_stream_kms_key_id = module.kms.key_id db_cluster_activity_stream_mode = "async" diff --git a/main.tf b/main.tf index 9c8b756..364e1dc 100644 --- a/main.tf +++ b/main.tf @@ -430,7 +430,7 @@ resource "aws_cloudwatch_log_group" "this" { skip_destroy = var.cloudwatch_log_group_skip_destroy log_group_class = var.cloudwatch_log_group_class - tags = var.tags + tags = merge(var.tags, var.cloudwatch_log_group_tags) } ################################################################################ diff --git a/variables.tf b/variables.tf index c17c5e4..ef24de9 100644 --- a/variables.tf +++ b/variables.tf @@ -750,6 +750,12 @@ variable "cloudwatch_log_group_class" { default = null } +variable "cloudwatch_log_group_tags" { + description = "A mapping of tags to assign to CloudWatch log groups" + type = map(string) + default = {} +} + ################################################################################ # Cluster Activity Stream ################################################################################