apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Like Prometheus, but for logs.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5250 Commits
1076 Branches
354 Tags
740 MiB
Tag: Branch: Tree: bcdc807dd3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bcdc807dd3'
${ noResults }
loki/tools/lambda-promtail/moves.tf

20 lines
408 B
Raw Normal View History Unescape

refactor(lambda-promtail): apply terraform best practices (#8750) **What this PR does / why we need it**: I would like to offer this PR as a suggestion to improve the lambda-promtail terraform-module. I forked it to be able to deploy it more than once in an AWS account. I also applied terraform best-practices. I was hoping that perhaps these changes could be merged into upstream as well. Unlike https://github.com/grafana/loki/pull/8549 , I unfortunately did not end up making a separate commit for each change. If you would like me to create one or more issue(s) to address the points below, I'd be happy to do that as well. List of improvements: 1. Added `var.name` (defaults to lambda-promtail) so that this module can be deployed multiple times in the same AWS account. This allows us to define unique, non-conflicting names for: * the Lambda function * the CloudWatch log-group * the IAM role 2. Split IAM role policies per component; only assign permissions when required 3. Scope down permissions of the IAM role policies 4. During terraform-destroy, ensure CloudWatch log-group is removed **after** the lambda-function. An accidental invocation of the function could re-create an already destroyed log-group, leaving an orphaned log-group List of style changes: 1. Rename resources to `this` when there is only one instance of this resource-type 2. Add newline after `count|before_each` and before `depends_on` 3. Group resources together and add a section comment 4. Add missing(?) statement-id to S3 AWS lambda permission Misc. 1. I added a `moves.tf` file to facilitate moving renamed resources in existing terraform statefiles. This prevents some resources from recreated. Can also be removed. These changes are backwards compatible, even though some resources will end up being re-created. A `terraform apply` should succeed (it did for me). **Checklist** - [X] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) Signed-off-by: Mitch Hulscher <mitch.hulscher@lib.io>
3 years ago
moved {
from = aws_iam_role.iam_for_lambda
to = aws_iam_role.this
}
moved {
from = aws_cloudwatch_log_group.lambda_promtail
to = aws_cloudwatch_log_group.this
}
moved {
from = aws_lambda_function.lambda_promtail
to = aws_lambda_function.this
}
moved {
from = aws_lambda_function_event_invoke_config.lambda_promtail_invoke_config
to = aws_lambda_function_event_invoke_config.this
}