terraform-google-modules / Terraform Google Log Export

Licence: apache-2.0
This module allows you to create log exports at the project, folder, or organization level.

Terraform Log Export Module

This module allows you to create log exports at the project, folder, organization, or billing account level. Submodules are also available to configure the destination resource that will store all exported logs. The resources/services/activations/deletions that this module will create/trigger are:

  • An Aggregated log export on the project-level, folder-level, organization-level, or billing-account-level
  • A Service account (logsink writer)
  • A Destination (Cloud Storage bucket, Cloud Pub/Sub topic, BigQuery dataset)

Compatibility

This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is 2.3.0.

Usage

The examples directory contains directories for each destination, and within each destination directory are directories for each parent resource level. Consider the following example that will configure a Cloud Storage destination and a log export at the project level:

# Sink: exports matching log entries from the parent resource to the destination.
module "log_export" {
  source                 = "terraform-google-modules/log-export/google"
  destination_uri        = module.destination.destination_uri
  filter                 = "severity >= ERROR"
  log_sink_name          = "storage_example_logsink"
  parent_resource_id     = "sample-project"
  parent_resource_type   = "project"
  unique_writer_identity = true
}

# Destination: creates the bucket and grants write permissions to the sink's writer identity.
module "destination" {
  source                   = "terraform-google-modules/log-export/google//modules/storage"
  project_id               = "sample-project"
  storage_bucket_name      = "storage_example_bucket"
  log_sink_writer_identity = module.log_export.writer_identity
}

At first glance this example looks like a circular dependency, because each module declaration uses an output from the other. However, Terraform is able to collect and order all the resources so that all dependencies are met.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bigquery_options | (Optional) Options that affect sinks exporting data to BigQuery. use_partitioned_tables - (Required) Whether to use BigQuery's partition tables. | object({ use_partitioned_tables = bool }) | null | no |
| destination_uri | The self_link URI of the destination resource (This is available as an output coming from one of the destination submodules) | string | n/a | yes |
| filter | The filter to apply when exporting logs. Only log entries that match the filter are exported. Default is '' which exports all logs. | string | "" | no |
| include_children | Only valid if 'organization' or 'folder' is chosen as var.parent_resource.type. Determines whether or not to include children organizations/folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization/folder are included. | bool | false | no |
| log_sink_name | The name of the log sink to be created. | string | n/a | yes |
| parent_resource_id | The ID of the GCP resource in which you create the log sink. If var.parent_resource_type is set to 'project', then this is the Project ID (and etc). | string | n/a | yes |
| parent_resource_type | The GCP resource in which you create the log sink. The value must not be computed, and must be one of the following: 'project', 'folder', 'billing_account', or 'organization'. | string | "project" | no |
| unique_writer_identity | Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:[email protected]. If true, then a unique service account is created and used for the logging sink. | bool | false | no |

Outputs

| Name | Description |
|------|-------------|
| filter | The filter to be applied when exporting logs. |
| log_sink_resource_id | The resource ID of the log sink that was created. |
| log_sink_resource_name | The resource name of the log sink that was created. |
| parent_resource_id | The ID of the GCP resource in which you create the log sink. |
| writer_identity | The service account that logging uses to write log entries to the destination. |

Requirements

Terraform plugins

Configure a Service Account

In order to execute this module you must have a Service Account with the following:

Roles

The service account should have the following roles:

  • roles/logging.configWriter on the logsink's project, folder, or organization (to create the logsink)
  • roles/resourcemanager.projectIamAdmin on the destination project (to grant write permissions for logsink service account)
  • roles/serviceusage.serviceUsageAdmin on the destination project (to enable destination APIs)

Pub/Sub roles

To use a Google Cloud Pub/Sub topic as the destination:

  • roles/pubsub.admin on the destination project (to create a pub/sub topic)

To integrate the logsink with Splunk, you'll need a topic subscriber (service account):

  • roles/iam.serviceAccountAdmin on the destination project (to create a service account for the logsink subscriber)

Storage role

To use a Google Cloud Storage bucket as the destination:

  • roles/storage.admin on the destination project (to create a storage bucket)

BigQuery role

To use a BigQuery dataset as the destination, one must grant:

  • roles/bigquery.dataEditor on the destination project (to create a BigQuery dataset)

BigQuery Options

To use the BigQuery use_partitioned_tables argument, you must also have unique_writer_identity set to true.

Usage in module:

bigquery_options = {
  use_partitioned_tables = true
}

Enabling this option stores logs in a single table that is internally partitioned by day, which can improve query performance.
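The following is an added example, not taken from the module's own documentation: an organization-level aggregated sink that sends audit logs from all child projects to a partitioned BigQuery dataset, combining include_children, unique_writer_identity and bigquery_options. The bigquery submodule path and its dataset_name input are assumptions made by analogy with the storage submodule shown under Usage; the organization ID, project ID, names and filter are constructed placeholders.

```hcl
# Added example. All IDs and names below are placeholders.
module "org_audit_export" {
  source          = "terraform-google-modules/log-export/google"
  destination_uri = module.bq_destination.destination_uri

  # Export only Cloud Audit Logs entries (assumed filter; adjust to your needs).
  filter        = "logName:\"cloudaudit.googleapis.com\""
  log_sink_name = "org_audit_logsink"

  parent_resource_id   = "123456789012" # placeholder organization ID
  parent_resource_type = "organization"

  # Only valid for 'organization' or 'folder' parents: also export
  # logs that belong to child projects.
  include_children = true

  # Required for use_partitioned_tables; also gives the sink its own
  # service account instead of the shared default writer identity.
  unique_writer_identity = true

  bigquery_options = {
    use_partitioned_tables = true
  }
}

# Assumed submodule path and inputs (dataset_name is not documented on this page).
module "bq_destination" {
  source                   = "terraform-google-modules/log-export/google//modules/bigquery"
  project_id               = "sample-logging-project"
  dataset_name             = "org_audit_logs"
  log_sink_writer_identity = module.org_audit_export.writer_identity
}
```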

Enable APIs

In order to operate with the Service Account you must activate the following APIs on the base project where the Service Account was created:

  • Cloud Resource Manager API - cloudresourcemanager.googleapis.com
  • Cloud Billing API - cloudbilling.googleapis.com
  • Identity and Access Management API - iam.googleapis.com
  • Service Usage API - serviceusage.googleapis.com
  • Stackdriver Logging API - logging.googleapis.com
  • Cloud Storage JSON API - storage-api.googleapis.com
  • BigQuery API - bigquery.googleapis.com
  • Cloud Pub/Sub API - pubsub.googleapis.com
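The role and API requirements above can themselves be expressed in Terraform, which keeps the grants reviewable and scoped to the listed roles. This is an added example, not part of the module: it covers a project-level sink with a Cloud Storage destination, the three variables are hypothetical, and it must be applied by an identity that already has permission to set IAM policy and enable services on those projects.

```hcl
# Added example. Variable names are hypothetical. Requires Terraform 0.12.6+
# (resource for_each).
variable "terraform_sa_email" { type = string }     # service account that runs the module
variable "sink_project_id" { type = string }        # project where the log sink is created
variable "destination_project_id" { type = string } # project that holds the bucket
variable "base_project_id" { type = string }        # project where the service account lives

locals {
  member = "serviceAccount:${var.terraform_sa_email}"

  # Roles listed above for a Cloud Storage destination.
  destination_roles = [
    "roles/resourcemanager.projectIamAdmin",
    "roles/serviceusage.serviceUsageAdmin",
    "roles/storage.admin",
  ]

  apis = [
    "cloudresourcemanager.googleapis.com",
    "cloudbilling.googleapis.com",
    "iam.googleapis.com",
    "serviceusage.googleapis.com",
    "logging.googleapis.com",
    "storage-api.googleapis.com",
    "bigquery.googleapis.com",
    "pubsub.googleapis.com",
  ]
}

# Allows the service account to create the sink in the sink's project.
resource "google_project_iam_member" "sink_config_writer" {
  project = var.sink_project_id
  role    = "roles/logging.configWriter"
  member  = local.member
}

# One non-authoritative binding per role on the destination project.
resource "google_project_iam_member" "destination" {
  for_each = toset(local.destination_roles)
  project  = var.destination_project_id
  role     = each.value
  member   = local.member
}

resource "google_project_service" "required" {
  for_each           = toset(local.apis)
  project            = var.base_project_id
  service            = each.value
  disable_on_destroy = false
}
```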

Install

Terraform

Be sure you have the correct Terraform version (0.12.x). You can choose the binary here:
