From 15db000791fee3ce022447df9cf907d9ebdf511f Mon Sep 17 00:00:00 2001 From: Thomas Judd-Cooper Date: Tue, 4 Jul 2023 12:30:25 +0100 Subject: [PATCH] Add lambda CloudWatch log groups, move locals into locals.tf --- locals.tf | 248 +++++++++++++++++++++++++++ main.tf | 226 +----------------------- modules/opennext-assets/s3.tf | 2 +- modules/opennext-lambda/lambda.tf | 7 + modules/opennext-lambda/outputs.tf | 4 + modules/opennext-lambda/variables.tf | 8 + variables.tf | 17 +- 7 files changed, 289 insertions(+), 223 deletions(-) create mode 100644 locals.tf diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..3fe7a42 --- /dev/null +++ b/locals.tf 
@@ -0,0 +1,248 @@ +locals { + opennext_abs_path = "${abspath(path.root)}/${var.opennext_build_path}" +} + +locals { + /** + * CloudFront Options + **/ + cloudfront = { + aliases = var.cloudfront.aliases + acm_certificate_arn = var.cloudfront.acm_certificate_arn + assets_paths = coalesce(var.cloudfront.assets_paths, []) + custom_headers = coalesce(var.cloudfront.custom_headers, []) + cors = merge({ + allow_credentials = false, + allow_headers = ["*"], + allow_methods = ["ALL"], + allow_origins = ["*"], + origin_override = true + }, var.cloudfront.cors) + hsts = merge({ + access_control_max_age_sec = 31536000 + include_subdomains = true + override = true + preload = true + }, var.cloudfront.hsts) + waf_logging_configuration = var.cloudfront.waf_logging_configuration + cache_policy = { + default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) + min_ttl = coalesce(try(var.cloudfront.cache_policy.min_ttl, null), 0) + max_ttl = coalesce(try(var.cloudfront.cache_policy.max_ttl, null), 31536000) + cookies_config = merge({ + cookie_behavior = "all" + }, try(var.cloudfront.cache_policy.cookies_config, {})) + headers_config = merge({ + header_behavior = "whitelist", + items = [] + }, try(var.cloudfront.cache_policy.headers_config, {})) + query_strings_config = merge({ + query_string_behavior = "all", + items = [] + }, try(var.cloudfront.cache_policy.query_strings_config, {})) + } + origin_request_policy = try(var.cloudfront.origin_request_policy, null) + } + + /** + * Server Function Options + **/ + server_options = { + package = { + source_dir = coalesce(try(var.server_options.package.source_dir, null), "${local.opennext_abs_path}/server-function/") + output_dir = coalesce(try(var.server_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") + } + + function = { + function_name = try(var.server_options.function.function_name, null) + description = coalesce(try(var.server_options.function.description, null), "Next.js Server") + handler 
= coalesce(try(var.server_options.function.handler, null), "index.handler") + runtime = coalesce(try(var.server_options.function.runtime, null), "nodejs18.x") + architectures = coalesce(try(var.server_options.function.architectures, null), ["arm64"]) + memory_size = coalesce(try(var.server_options.function.memory_size, null), 1024) + timeout = coalesce(try(var.server_options.function.timeout, null), 30) + publish = coalesce(try(var.server_options.function.publish, null), true) + dead_letter_config = try(var.server_options.function.dead_letter_config, null) + reserved_concurrent_executions = coalesce(try(var.server_options.function.reserved_concurrent_executions, null), 10) + code_signing_config = try(var.server_options.function.code_signing_config, null) + } + + log_group = { + retention_in_days = coalesce(try(var.server_options.log_group.retention_in_days, null), 365) + kms_key_id = try(var.server_options.log_group.retention_in_days, null) + } + + networking = { + vpc_id = try(var.server_options.networking.vpc_id, null) + subnet_ids = coalesce(try(var.server_options.networking.subnet_ids, null), []) + security_group_ingress_rules = coalesce(try(var.server_options.networking.sg_ingress_rules, null), []) + security_group_egress_rules = coalesce(try(var.server_options.networking.sg_egress_rules, null), []) + } + + environment_variables = merge({ + CACHE_BUCKET_NAME = module.assets.assets_bucket.bucket + CACHE_BUCKET_KEY_PREFIX = "cache" + CACHE_BUCKET_REGION = data.aws_region.current.name + REVALIDATION_QUEUE_URL = module.revalidation_queue.queue.url + REVALIDATION_QUEUE_REGION = data.aws_region.current.name + }, coalesce(try(var.server_options.environment_variables, null), {})) + + iam_policy_statements = concat([ + { + effect = "Allow" + actions = ["s3:GetObject", "s3:PutObject", "s3:ListObjects"] + resources = [module.assets.assets_bucket.arn, "${module.assets.assets_bucket.arn}/*"] + }, + { + effect = "Allow" + actions = ["sqs:SendMessage"] + resources = 
[module.revalidation_queue.queue.arn] + } + ], coalesce(try(var.server_options.iam_policy, null), [])) + } + + /** + * Image Optimization Function Options + **/ + image_optimization_options = { + package = { + source_dir = coalesce(try(var.image_optimization_options.package.source_dir, null), "${local.opennext_abs_path}/image-optimization-function/") + output_dir = coalesce(try(var.image_optimization_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") + } + + function = { + function_name = try(var.image_optimization_options.function.function_name, null) + description = coalesce(try(var.image_optimization_options.function.description, null), "Next.js Image Optimization") + handler = coalesce(try(var.image_optimization_options.function.handler, null), "index.handler") + runtime = coalesce(try(var.image_optimization_options.function.runtime, null), "nodejs18.x") + architectures = coalesce(try(var.image_optimization_options.function.architectures, null), ["arm64"]) + memory_size = coalesce(try(var.image_optimization_options.function.memory_size, null), 512) + timeout = coalesce(try(var.image_optimization_options.function.timeout, null), 30) + publish = coalesce(try(var.image_optimization_options.function.publish, null), false) + dead_letter_config = try(var.image_optimization_options.function.dead_letter_config, null) + reserved_concurrent_executions = coalesce(try(var.image_optimization_options.function.reserved_concurrent_executions, null), 3) + code_signing_config = try(var.image_optimization_options.function.code_signing_config, null) + } + + log_group = { + retention_in_days = coalesce(try(var.image_optimization_options.log_group.retention_in_days, null), 365) + kms_key_id = try(var.image_optimization_options.log_group.retention_in_days, null) + } + + networking = { + vpc_id = try(var.image_optimization_options.networking.vpc_id, null) + subnet_ids = coalesce(try(var.image_optimization_options.networking.subnet_ids, null), []) + 
security_group_ingress_rules = coalesce(try(var.image_optimization_options.networking.sg_ingress_rules, null), []) + security_group_egress_rules = coalesce(try(var.image_optimization_options.networking.sg_egress_rules, null), []) + } + + environment_variables = merge({ + BUCKET_NAME = module.assets.assets_bucket.bucket, + BUCKET_KEY_PREFIX = "assets" + }, coalesce(try(var.image_optimization_options.environment_variables, null), {})) + + iam_policy_statements = concat([ + { + effect = "Allow" + actions = ["s3:GetObject"] + resources = [module.assets.assets_bucket.arn, "${module.assets.assets_bucket.arn}/*"] + } + ], coalesce(try(var.image_optimization_options.iam_policy, null), [])) + } + + + /** + * ISR Revalidation Function Options + **/ + revalidation_options = { + package = { + source_dir = coalesce(try(var.revalidation_options.package.source_dir, null), "${local.opennext_abs_path}/revalidation-function/") + output_dir = coalesce(try(var.revalidation_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") + } + + function = { + function_name = try(var.revalidation_options.function.function_name, null) + description = coalesce(try(var.revalidation_options.function.description, null), "Next.js ISR Revalidation Function") + handler = coalesce(try(var.revalidation_options.function.handler, null), "index.handler") + runtime = coalesce(try(var.revalidation_options.function.runtime, null), "nodejs18.x") + architectures = coalesce(try(var.revalidation_options.function.architectures, null), ["arm64"]) + memory_size = coalesce(try(var.revalidation_options.function.memory_size, null), 128) + timeout = coalesce(try(var.revalidation_options.function.timeout, null), 30) + publish = coalesce(try(var.revalidation_options.function.publish, null), false) + dead_letter_config = try(var.revalidation_options.function.dead_letter_config, null) + reserved_concurrent_executions = coalesce(try(var.revalidation_options.function.reserved_concurrent_executions, null), 3) + 
code_signing_config = try(var.revalidation_options.function.code_signing_config, null) + } + + log_group = { + retention_in_days = coalesce(try(var.revalidation_options.log_group.retention_in_days, null), 365) + kms_key_id = try(var.revalidation_options.log_group.retention_in_days, null) + } + + networking = { + vpc_id = try(var.revalidation_options.networking.vpc_id, null) + subnet_ids = coalesce(try(var.revalidation_options.networking.subnet_ids, null), []) + security_group_ingress_rules = coalesce(try(var.revalidation_options.networking.sg_ingress_rules, null), []) + security_group_egress_rules = coalesce(try(var.revalidation_options.networking.sg_egress_rules, null), []) + } + + environment_variables = coalesce(try(var.revalidation_options.environment_variables, null), {}) + + iam_policy_statements = concat([ + { + effect = "Allow" + actions = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"] + resources = [module.revalidation_queue.queue.arn] + } + ], coalesce(try(var.revalidation_options.iam_policy, null), [])) + } + + /** + * Warmer Function Options + **/ + warmer_options = { + package = { + source_dir = coalesce(try(var.warmer_options.package.source_dir, null), "${local.opennext_abs_path}/warmer-function/") + output_dir = coalesce(try(var.warmer_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") + } + + function = { + function_name = try(var.warmer_options.function.function_name, null) + description = coalesce(try(var.warmer_options.function.description, null), "Next.js Warmer Function") + handler = coalesce(try(var.warmer_options.function.handler, null), "index.handler") + runtime = coalesce(try(var.warmer_options.function.runtime, null), "nodejs18.x") + architectures = coalesce(try(var.warmer_options.function.architectures, null), ["arm64"]) + memory_size = coalesce(try(var.warmer_options.function.memory_size, null), 128) + timeout = coalesce(try(var.warmer_options.function.timeout, null), 30) + publish = 
coalesce(try(var.warmer_options.function.publish, null), false) + dead_letter_config = try(var.warmer_options.function.dead_letter_config, null) + reserved_concurrent_executions = coalesce(try(var.warmer_options.function.reserved_concurrent_executions, null), 3) + code_signing_config = try(var.warmer_options.function.code_signing_config, null) + } + + log_group = { + retention_in_days = coalesce(try(var.warmer_options.log_group.retention_in_days, null), 365) + kms_key_id = try(var.warmer_options.log_group.retention_in_days, null) + } + + networking = { + vpc_id = try(var.warmer_options.networking.vpc_id, null) + subnet_ids = coalesce(try(var.warmer_options.networking.subnet_ids, null), []) + security_group_ingress_rules = coalesce(try(var.warmer_options.networking.sg_ingress_rules, null), []) + security_group_egress_rules = coalesce(try(var.warmer_options.networking.sg_egress_rules, null), []) + } + + environment_variables = merge({ + FUNCTION_NAME = module.server_function.lambda_function.function_name, + CONCURRENCY = 1 + }, coalesce(try(var.warmer_options.environment_variables, null), {})) + + iam_policy_statements = concat([ + { + effect = "Allow" + actions = ["lambda:InvokeFunction"] + resources = [module.server_function.lambda_function.arn] + } + ], coalesce(try(var.warmer_options.iam_policy, null), [])) + } +} diff --git a/main.tf b/main.tf index bb27a09..b544680 100644 --- a/main.tf +++ b/main.tf @@ -14,10 +14,6 @@ provider "aws" { region = "us-east-1" } -locals { - opennext_abs_path = "${abspath(path.root)}/${var.opennext_build_path}" -} - data "aws_caller_identity" "current" {} data "aws_region" "current" {} 
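Review bot: In the new locals.tf, every `log_group` block reads `kms_key_id` from the wrong attribute: `kms_key_id = try(var.server_options.log_group.retention_in_days, null)`. A caller who supplies `log_group.kms_key_id` has it silently dropped, so the log group is created without the customer-managed key they asked for. A caller who sets only `retention_in_days` gets that number passed on as the key identifier, which is likely to fail at plan or apply. The line should read `kms_key_id = try(var.server_options.log_group.kms_key_id, null)`, with the same correction in `image_optimization_options`, `revalidation_options` and `warmer_options`.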
@@ -37,57 +33,6 @@ module "assets" { /** * Next.js Server Function **/ -locals { - server_options = { - package = { - source_dir = coalesce(try(var.server_options.package.source_dir, null), "${local.opennext_abs_path}/server-function/") - output_dir = coalesce(try(var.server_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") - } - - function = { - function_name = try(var.server_options.function.function_name, null) - description = coalesce(try(var.server_options.function.description, null), "Next.js Server") - handler = coalesce(try(var.server_options.function.handler, null), "index.handler") - runtime = coalesce(try(var.server_options.function.runtime, null), "nodejs18.x") - architectures = coalesce(try(var.server_options.function.architectures, null), ["arm64"]) - memory_size = coalesce(try(var.server_options.function.memory_size, null), 1024) - timeout = coalesce(try(var.server_options.function.timeout, null), 30) - publish = coalesce(try(var.server_options.function.publish, null), true) - dead_letter_config = try(var.server_options.function.dead_letter_config, null) - reserved_concurrent_executions = coalesce(try(var.server_options.function.reserved_concurrent_executions, null), 10) - code_signing_config = try(var.server_options.function.code_signing_config, null) - } - - networking = { - vpc_id = try(var.server_options.networking.vpc_id, null) - subnet_ids = coalesce(try(var.server_options.networking.subnet_ids, null), []) - security_group_ingress_rules = coalesce(try(var.server_options.networking.sg_ingress_rules, null), []) - security_group_egress_rules = coalesce(try(var.server_options.networking.sg_egress_rules, null), []) - } - - environment_variables = merge({ - CACHE_BUCKET_NAME = module.assets.assets_bucket.bucket - CACHE_BUCKET_KEY_PREFIX = "cache" - CACHE_BUCKET_REGION = data.aws_region.current.name - REVALIDATION_QUEUE_URL = module.revalidation_queue.queue.url - REVALIDATION_QUEUE_REGION = data.aws_region.current.name - }, 
coalesce(try(var.server_options.environment_variables, null), {})) - - iam_policy_statements = concat([ - { - effect = "Allow" - actions = ["s3:GetObject", "s3:PutObject", "s3:ListObjects"] - resources = [module.assets.assets_bucket.arn, "${module.assets.assets_bucket.arn}/*"] - }, - { - effect = "Allow" - actions = ["sqs:SendMessage"] - resources = [module.revalidation_queue.queue.arn] - } - ], coalesce(try(var.server_options.iam_policy, null), [])) - } -} - module "server_function" { source = "./modules/opennext-lambda" @@ -104,6 +49,8 @@ module "server_function" { dead_letter_config = local.server_options.function.dead_letter_config reserved_concurrent_executions = local.server_options.function.reserved_concurrent_executions code_signing_config = local.server_options.function.code_signing_config + log_group = local.server_options.log_group + source_dir = local.server_options.package.source_dir output_dir = local.server_options.package.output_dir 
@@ -121,49 +68,6 @@ module "server_function" { /** * Image Optimization Function **/ -locals { - image_optimization_options = { - package = { - source_dir = coalesce(try(var.image_optimization_options.package.source_dir, null), "${local.opennext_abs_path}/image-optimization-function/") - output_dir = coalesce(try(var.image_optimization_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") - } - - function = { - function_name = try(var.image_optimization_options.function.function_name, null) - description = coalesce(try(var.image_optimization_options.function.description, null), "Next.js Image Optimization") - handler = coalesce(try(var.image_optimization_options.function.handler, null), "index.handler") - runtime = coalesce(try(var.image_optimization_options.function.runtime, null), "nodejs18.x") - architectures = coalesce(try(var.image_optimization_options.function.architectures, null), ["arm64"]) - memory_size = coalesce(try(var.image_optimization_options.function.memory_size, null), 512) - timeout = coalesce(try(var.image_optimization_options.function.timeout, null), 30) - publish = coalesce(try(var.image_optimization_options.function.publish, null), false) - dead_letter_config = try(var.image_optimization_options.function.dead_letter_config, null) - reserved_concurrent_executions = coalesce(try(var.image_optimization_options.function.reserved_concurrent_executions, null), 3) - code_signing_config = try(var.image_optimization_options.function.code_signing_config, null) - } - - networking = { - vpc_id = try(var.image_optimization_options.networking.vpc_id, null) - subnet_ids = coalesce(try(var.image_optimization_options.networking.subnet_ids, null), []) - security_group_ingress_rules = coalesce(try(var.image_optimization_options.networking.sg_ingress_rules, null), []) - security_group_egress_rules = coalesce(try(var.image_optimization_options.networking.sg_egress_rules, null), []) - } - - environment_variables = merge({ - BUCKET_NAME = 
module.assets.assets_bucket.bucket, - BUCKET_KEY_PREFIX = "assets" - }, coalesce(try(var.image_optimization_options.environment_variables, null), {})) - - iam_policy_statements = concat([ - { - effect = "Allow" - actions = ["s3:GetObject"] - resources = [module.assets.assets_bucket.arn, "${module.assets.assets_bucket.arn}/*"] - } - ], coalesce(try(var.image_optimization_options.iam_policy, null), [])) - } -} - module "image_optimization_function" { source = "./modules/opennext-lambda" @@ -180,6 +84,7 @@ module "image_optimization_function" { dead_letter_config = local.image_optimization_options.function.dead_letter_config reserved_concurrent_executions = local.image_optimization_options.function.reserved_concurrent_executions code_signing_config = local.image_optimization_options.function.code_signing_config + log_group = local.image_optimization_options.log_group source_dir = local.image_optimization_options.package.source_dir output_dir = local.image_optimization_options.package.output_dir 
@@ -196,46 +101,6 @@ module "image_optimization_function" { /** * ISR Revalidation Function **/ -locals { - revalidation_options = { - package = { - source_dir = coalesce(try(var.revalidation_options.package.source_dir, null), "${local.opennext_abs_path}/revalidation-function/") - output_dir = coalesce(try(var.revalidation_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") - } - - function = { - function_name = try(var.revalidation_options.function.function_name, null) - description = coalesce(try(var.revalidation_options.function.description, null), "Next.js ISR Revalidation Function") - handler = coalesce(try(var.revalidation_options.function.handler, null), "index.handler") - runtime = coalesce(try(var.revalidation_options.function.runtime, null), "nodejs18.x") - architectures = coalesce(try(var.revalidation_options.function.architectures, null), ["arm64"]) - memory_size = coalesce(try(var.revalidation_options.function.memory_size, null), 128) - timeout = coalesce(try(var.revalidation_options.function.timeout, null), 30) - publish = coalesce(try(var.revalidation_options.function.publish, null), false) - dead_letter_config = try(var.revalidation_options.function.dead_letter_config, null) - reserved_concurrent_executions = coalesce(try(var.revalidation_options.function.reserved_concurrent_executions, null), 3) - code_signing_config = try(var.revalidation_options.function.code_signing_config, null) - } - - networking = { - vpc_id = try(var.revalidation_options.networking.vpc_id, null) - subnet_ids = coalesce(try(var.revalidation_options.networking.subnet_ids, null), []) - security_group_ingress_rules = coalesce(try(var.revalidation_options.networking.sg_ingress_rules, null), []) - security_group_egress_rules = coalesce(try(var.revalidation_options.networking.sg_egress_rules, null), []) - } - - environment_variables = coalesce(try(var.revalidation_options.environment_variables, null), {}) - - iam_policy_statements = concat([ - { - effect = 
"Allow" - actions = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"] - resources = [module.revalidation_queue.queue.arn] - } - ], coalesce(try(var.revalidation_options.iam_policy, null), [])) - } -} - module "revalidation_function" { source = "./modules/opennext-lambda" @@ -252,6 +117,7 @@ module "revalidation_function" { dead_letter_config = local.revalidation_options.function.dead_letter_config reserved_concurrent_executions = local.revalidation_options.function.reserved_concurrent_executions code_signing_config = local.revalidation_options.function.code_signing_config + log_group = local.revalidation_options.log_group source_dir = local.revalidation_options.package.source_dir output_dir = local.revalidation_options.package.output_dir 
@@ -279,49 +145,7 @@ module "revalidation_queue" { /** * Warmer Function **/ -locals { - warmer_options = { - package = { - source_dir = coalesce(try(var.warmer_options.package.source_dir, null), "${local.opennext_abs_path}/warmer-function/") - output_dir = coalesce(try(var.warmer_options.package.output_dir, null), "${local.opennext_abs_path}/.build/") - } - - function = { - function_name = try(var.warmer_options.function.function_name, null) - description = coalesce(try(var.warmer_options.function.description, null), "Next.js Warmer Function") - handler = coalesce(try(var.warmer_options.function.handler, null), "index.handler") - runtime = coalesce(try(var.warmer_options.function.runtime, null), "nodejs18.x") - architectures = coalesce(try(var.warmer_options.function.architectures, null), ["arm64"]) - memory_size = coalesce(try(var.warmer_options.function.memory_size, null), 128) - timeout = coalesce(try(var.warmer_options.function.timeout, null), 30) - publish = coalesce(try(var.warmer_options.function.publish, null), false) - dead_letter_config = try(var.warmer_options.function.dead_letter_config, null) - reserved_concurrent_executions = coalesce(try(var.warmer_options.function.reserved_concurrent_executions, null), 3) - code_signing_config = try(var.warmer_options.function.code_signing_config, null) - } - - networking = { - vpc_id = try(var.warmer_options.networking.vpc_id, null) - subnet_ids = coalesce(try(var.warmer_options.networking.subnet_ids, null), []) - security_group_ingress_rules = coalesce(try(var.warmer_options.networking.sg_ingress_rules, null), []) - security_group_egress_rules = coalesce(try(var.warmer_options.networking.sg_egress_rules, null), []) - } - - environment_variables = merge({ - FUNCTION_NAME = module.server_function.lambda_function.function_name, - CONCURRENCY = 1 - }, coalesce(try(var.warmer_options.environment_variables, null), {})) - - iam_policy_statements = concat([ - { - effect = "Allow" - actions = ["lambda:InvokeFunction"] - 
resources = [module.server_function.lambda_function.arn] - } - ], coalesce(try(var.warmer_options.iam_policy, null), [])) - } -} module "warmer_function" { source = "./modules/opennext-lambda" @@ -340,6 +164,7 @@ module "warmer_function" { dead_letter_config = local.warmer_options.function.dead_letter_config reserved_concurrent_executions = local.warmer_options.function.reserved_concurrent_executions code_signing_config = local.warmer_options.function.code_signing_config + log_group = local.warmer_options.log_group source_dir = local.warmer_options.package.source_dir output_dir = local.warmer_options.package.output_dir 
@@ -367,47 +192,6 @@ module "cloudfront_logs" { /** * Next.js CloudFront Distribution **/ -locals { - cloudfront = { - aliases = var.cloudfront.aliases - acm_certificate_arn = var.cloudfront.acm_certificate_arn - assets_paths = coalesce(var.cloudfront.assets_paths, []) - custom_headers = coalesce(var.cloudfront.custom_headers, []) - cors = merge({ - allow_credentials = false, - allow_headers = ["*"], - allow_methods = ["ALL"], - allow_origins = ["*"], - origin_override = true - }, var.cloudfront.cors) - hsts = merge({ - access_control_max_age_sec = 31536000 - include_subdomains = true - override = true - preload = true - }, var.cloudfront.hsts) - waf_logging_configuration = var.cloudfront.waf_logging_configuration - cache_policy = { - default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) - min_ttl = coalesce(try(var.cloudfront.cache_policy.min_ttl, null), 0) - max_ttl = coalesce(try(var.cloudfront.cache_policy.max_ttl, null), 31536000) - cookies_config = merge({ - cookie_behavior = "all" - }, try(var.cloudfront.cache_policy.cookies_config, {})) - headers_config = merge({ - header_behavior = "whitelist", - items = [] - }, try(var.cloudfront.cache_policy.headers_config, {})) - query_strings_config = merge({ - query_string_behavior = "all", - items = [] - }, try(var.cloudfront.cache_policy.query_strings_config, {})) - } - origin_request_policy = try(var.cloudfront.origin_request_policy, null) - } -} - - module "cloudfront" { source = "./modules/opennext-cloudfront" prefix = "${var.prefix}-cloudfront" diff --git a/modules/opennext-assets/s3.tf b/modules/opennext-assets/s3.tf index 4055f5a..e9cf56f 100644 --- a/modules/opennext-assets/s3.tf +++ b/modules/opennext-assets/s3.tf @@ -49,7 +49,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "assets" { rule { apply_server_side_encryption_by_default { - sse_algorithm = "AES256" + sse_algorithm = "AES256" } } } 
diff --git a/modules/opennext-lambda/lambda.tf b/modules/opennext-lambda/lambda.tf index 29643a1..d4afb07 100644 --- a/modules/opennext-lambda/lambda.tf +++ b/modules/opennext-lambda/lambda.tf @@ -135,3 +135,10 @@ resource "aws_lambda_permission" "allow_execution_from_eventbridge" { function_name = aws_lambda_function.function.function_name principal = "events.amazonaws.com" } + +resource "aws_cloudwatch_log_group" "function_log_group" { + name = "/aws/lambda/${aws_lambda_function.function.function_name}" + skip_destroy = true + retention_in_days = var.log_group.retention_in_days + kms_key_id = var.log_group.kms_key_id +} diff --git a/modules/opennext-lambda/outputs.tf b/modules/opennext-lambda/outputs.tf index c4f9d3d..a4fc086 100644 --- a/modules/opennext-lambda/outputs.tf +++ b/modules/opennext-lambda/outputs.tf @@ -17,3 +17,7 @@ output "cloudwatch_event_target" { output "lambda_role" { value = aws_iam_role.lambda_role } + +output "log_group" { + value = aws_cloudwatch_log_group.function_log_group +} diff --git a/modules/opennext-lambda/variables.tf b/modules/opennext-lambda/variables.tf index e95da0c..1a9ed6b 100644 --- a/modules/opennext-lambda/variables.tf +++ b/modules/opennext-lambda/variables.tf @@ -92,6 +92,14 @@ variable "kms_key_arn" { default = null } +variable "log_group" { + description = "Options passed to the CloudWatch log group for the Lambda function" + type = object({ + retention_in_days = number + kms_key_id = string + }) +} + variable "code_signing_config" { description = "Code Signing Config for the Lambda Function" type = object({ diff --git a/variables.tf b/variables.tf index 5f7c6a6..209e7f9 100644 --- a/variables.tf +++ b/variables.tf @@ -43,7 +43,6 @@ variable "server_options" { source_dir = optional(string) output_dir = optional(string) })) - function = optional(object({ function_name = optional(string) description = optional(string) 
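Review bot: In modules/opennext-lambda/lambda.tf the new `aws_cloudwatch_log_group.function_log_group` takes its name from `aws_lambda_function.function.function_name`, so Terraform creates it only after the function exists. If the function is invoked in that window, or the module is applied to a deployment that has already run, Lambda will presumably have created `/aws/lambda/<name>` itself (the execution role's policy is outside this hunk). The create then fails on the existing group, and that group carries neither the retention nor the KMS key configured here. Consider building the name from the same input the function's name comes from instead of from the resource, adding `depends_on = [aws_cloudwatch_log_group.function_log_group]` to the function, and documenting that existing log groups have to be imported. `skip_destroy = true` also leaves the group behind on destroy, so a later re-create of the stack meets the same conflict; a comment saying that this is intentional would help.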
@@ -95,6 +94,10 @@ variable "server_options" { self = optional(bool) }))) })) + log_group = optional(object({ + retention_in_days = optional(number) + kms_key_id = optional(string) + })) }) default = {} } @@ -157,6 +160,10 @@ variable "image_optimization_options" { self = optional(bool) }))) })) + log_group = optional(object({ + retention_in_days = optional(number) + kms_key_id = optional(string) + })) }) default = {} } @@ -219,6 +226,10 @@ variable "revalidation_options" { self = optional(bool) }))) })) + log_group = optional(object({ + retention_in_days = optional(number) + kms_key_id = optional(string) + })) }) default = {} } @@ -281,6 +292,10 @@ variable "warmer_options" { self = optional(bool) }))) })) + log_group = optional(object({ + retention_in_days = optional(number) + kms_key_id = optional(string) + })) }) default = {} }
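Review bot: The new `log_group` object in `server_options` (and the identical additions to `image_optimization_options`, `revalidation_options` and `warmer_options`) does not say what `kms_key_id` must contain or what happens when it is omitted. `aws_cloudwatch_log_group` expects the ARN of a KMS key there, and the key's policy has to allow the CloudWatch Logs service principal to use it, otherwise the association fails. I would add a comment above the attribute, e.g. `# kms_key_id: ARN of a KMS key whose key policy grants the CloudWatch Logs service principal use of the key; omit to keep the default encryption`, and note that `retention_in_days` falls back to 365 in locals.tf. The variable blocks begin outside these hunks, so any existing description is not visible here.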