Merge pull request #88 from axiomhq/fix/misc-fixes

Style suggestions
axiomhq · Oct 7, 2024 · 8b27324 · 8b27324
2 parents 6f486c2 + 9574797
commit 8b27324
Show file tree

Hide file tree

Showing 15 changed files with 149 additions and 241 deletions.
diff --git a/examples/forwarder-tf-module/.gitignore b/examples/forwarder-tf-module/.gitignore
@@ -0,0 +1 @@
+.terraform.lock.hcl
diff --git a/examples/forwarder-tf-module/.terraform.lock.hcl b/examples/forwarder-tf-module/.terraform.lock.hcl
diff --git a/examples/forwarder-tf-module/main.tf b/examples/forwarder-tf-module/main.tf
@@ -1,6 +1,6 @@
 resource "axiom_dataset" "lambda_forwarder" {
   name        = "cloudwatch-lambda"
-  description = "[islam] test"
+  description = "Test"
 }
 
 module "forwarder" {
@@ -22,7 +22,6 @@ module "listener" {
   prefix               = "axiom-cloudwatch-tf-test"
   forwarder_lambda_arn = module.forwarder.lambda_arn
   log_groups_prefix    = "/aws/lambda/"
-  enable_cloudtrail    = false
 }
 
 output "log_group_names" {

diff --git a/modules/forwarder/README.md b/modules/forwarder/README.md
@@ -6,9 +6,9 @@ Forward logs from AWS Cloudwatch to Axiom.
 
 ```hcl
 module "forwarder" {
-  source           = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/forwarder"
-  prefix           = "axiom-cloudwatch-forwarder"
-  axiom_dataset    = "DATASET_NAME"
-  axiom_token      = "xaat-***"
+  source        = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/forwarder"
+  prefix        = "axiom-cloudwatch-forwarder"
+  axiom_dataset = "DATASET_NAME"
+  axiom_token   = "xaat-***"
 }
 ```
diff --git a/modules/forwarder/forwarder.tf b/modules/forwarder/forwarder.tf
@@ -1,6 +1,6 @@
 resource "aws_lambda_function" "forwarder" {
-  s3_bucket     = var.forwarder_bucket
-  s3_key        = "axiom-cloudwatch-forwarder/v${var.forwarder_version}/forwarder.zip"
+  s3_bucket     = var.lambda_zip_bucket
+  s3_key        = "axiom-cloudwatch-forwarder/v${var.lambda_zip_version}/forwarder.zip"
   function_name = "${var.prefix}-forwarder"
   logging_config {
     log_format = "JSON"
@@ -57,7 +57,6 @@ resource "aws_cloudwatch_log_group" "forwarder" {
   }
 }
 
-
 resource "aws_lambda_permission" "allow_cloudwatch" {
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"

diff --git a/modules/forwarder/variables.tf b/modules/forwarder/variables.tf
@@ -1,33 +1,34 @@
-variable "axiom_dataset" {
+variable "prefix" {
   type        = string
-  description = "Axiom dataset to forward logs to"
+  description = "Prefix for resources, defaults to axiom-cloudwatch"
+  default     = "axiom-cloudwatch"
 }
 
-variable "axiom_token" {
+variable "lambda_zip_bucket" {
   type        = string
-  description = "Axiom token for the dataset"
+  description = "Name of the S3 bucket where Lambda code is stored"
+  default     = "axiom-cloudformation"
 }
 
-variable "axiom_url" {
+variable "lambda_zip_version" {
   type        = string
-  description = "Axiom's API URL"
-  default     = "https://api.axiom.co"
+  description = "Version of the Axiom Lambda"
+  default     = "1.2.0"
 }
 
-variable "prefix" {
+variable "axiom_dataset" {
   type        = string
-  default     = "axiom-cloudwatch"
-  description = "prefix for resources, defaults to axiom-cloudwatch"
+  description = "Axiom dataset to forward logs to"
 }
 
-variable "forwarder_bucket" {
+variable "axiom_token" {
   type        = string
-  default     = "axiom-cloudformation"
-  description = "name of the S3 bucket where Forwarder Lambda code is stored"
+  description = "Axiom token for the dataset"
 }
 
-variable "forwarder_version" {
+variable "axiom_url" {
   type        = string
-  default     = "1.2.0"
-  description = "Version of the Axiom CloudWatch Forwarder Lambda"
+  description = "Axiom's API URL"
+  default     = "https://api.axiom.co"
 }
+
diff --git a/modules/listener/README.md b/modules/listener/README.md
@@ -6,8 +6,8 @@ This module sets up a lambda function that listens to Cloudwatch logs and subscr
 
 ```hcl
 module "listener" {
-  source           = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/listener"
-  prefix           = "axiom-cloudwatch-forwarder"
+  source               = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/listener"
+  prefix               = "axiom-cloudwatch-forwarder"
   forwarder_lambda_arn = module.forwarder.lambda_arn
   log_groups_prefix    = "/aws/lambda/"
 }

diff --git a/modules/listener/listener.tf b/modules/listener/listener.tf
@@ -1,31 +1,6 @@
-data "aws_iam_policy_document" "listener" {
-  statement {
-    actions = [
-      "logs:DescribeSubscriptionFilters",
-      "logs:DeleteSubscriptionFilter",
-      "logs:PutSubscriptionFilter",
-      "logs:DescribeLogGroups",
-      "logs:CreateLogStream",
-      "logs:PutLogEvents",
-      "lambda:AddPermission",
-      "lambda:RemovePermission",
-      "lambda:InvokeFunction",
-      "lambda:GetFunction",
-      "logs:DescribeLogStreams",
-      "logs:DescribeSubscriptionFilters",
-      "logs:FilterLogEvents",
-      "logs:GetLogEvents",
-      "logs:CreateLogStream",
-      "logs:PutLogEvents"
-    ]
-
-    resources = ["*"]
-  }
-}
-
 resource "aws_lambda_function" "listener" {
-  s3_bucket     = var.forwarder_bucket
-  s3_key        = "axiom-cloudwatch-forwarder/v${var.forwarder_version}/forwarder.zip"
+  s3_bucket     = var.lambda_zip_bucket
+  s3_key        = "axiom-cloudwatch-forwarder/v${var.lambda_zip_version}/forwarder.zip"
   function_name = "${var.prefix}-listener"
   description   = "Axiom CloudWatch Automatic log groups listener lambda"
   logging_config {
@@ -74,27 +49,42 @@ resource "aws_iam_role" "listener" {
     ]
   })
 
-  managed_policy_arns = [
-    aws_iam_policy.listener.arn
-  ]
-
   tags = {
     PartOf    = var.prefix
     Platform  = "Axiom"
     Component = "axiom-cloudwatch-listener"
   }
 }
 
-resource "aws_iam_policy" "listener" {
-  name   = "${var.prefix}-listener-lambda-policy"
-  path   = "/"
-  policy = data.aws_iam_policy_document.listener.json
-  tags = {
-    PartOf    = var.prefix
-    Platform  = "Axiom"
-    Component = "axiom-cloudwatch-listener"
+data "aws_iam_policy_document" "listener" {
+  statement {
+    actions = [
+      "logs:DescribeSubscriptionFilters",
+      "logs:DeleteSubscriptionFilter",
+      "logs:PutSubscriptionFilter",
+      "logs:DescribeLogGroups",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "lambda:AddPermission",
+      "lambda:RemovePermission",
+      "lambda:InvokeFunction",
+      "lambda:GetFunction",
+      "logs:DescribeLogStreams",
+      "logs:DescribeSubscriptionFilters",
+      "logs:FilterLogEvents",
+      "logs:GetLogEvents",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents"
+    ]
+
+    resources = ["*"]
   }
 }
+resource "aws_iam_role_policy" "listener" {
+  name   = "default"
+  role   = aws_iam_role.listener.id
+  policy = data.aws_iam_policy_document.listener.json
+}
 
 resource "aws_cloudwatch_log_group" "listener" {
   name              = "/aws/axiom/${var.prefix}-listener"

diff --git a/modules/listener/variables.tf b/modules/listener/variables.tf
@@ -1,28 +1,28 @@
 variable "prefix" {
   type        = string
   default     = "axiom-cloudwatch"
-  description = "prefix for resources, defaults to axiom-cloudwatch"
+  description = "Prefix for resources, defaults to axiom-cloudwatch"
 }
 
-variable "forwarder_lambda_arn" {
+variable "lambda_zip_bucket" {
   type        = string
-  description = "The ARN of the Lambda function that forwards logs to Axiom"
+  description = "Name of the S3 bucket where Lambda code is stored"
+  default     = "axiom-cloudformation"
 }
 
-variable "log_groups_prefix" {
+variable "lambda_zip_version" {
   type        = string
-  description = "The prefix of the CloudWatch log groups that will trigger the Axiom CloudWatch Forwarder Lambda."
-  default     = ""
+  description = "Version of the Axiom Lambda"
+  default     = "1.2.0"
 }
 
-variable "forwarder_bucket" {
+variable "forwarder_lambda_arn" {
   type        = string
-  default     = "axiom-cloudformation"
-  description = "name of the S3 bucket where Forwarder Lambda code is stored"
+  description = "The ARN of the Lambda function that forwards logs to Axiom"
 }
 
-variable "forwarder_version" {
+variable "log_groups_prefix" {
   type        = string
-  default     = "1.2.0"
-  description = "Version of the Axiom CloudWatch Forwarder Lambda"
+  description = "The prefix of the CloudWatch log groups that will trigger the Axiom CloudWatch Forwarder Lambda"
+  default     = ""
 }
diff --git a/modules/subscriber/README.md b/modules/subscriber/README.md
@@ -6,9 +6,9 @@ Creates a Lambda function that subscribers the Forwarder to AWS Cloudwatch log g
 
 ```hcl
 module "subscriber" {
-  source           = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/subscriber"
-  prefix           = "axiom-cloudwatch-forwarder"
-  axiom_dataset    = "DATASET_NAME"
+  source               = "https://github.com/axiomhq/axiom-cloudwatch-forwarder/tree/main/modules/subscriber"
+  prefix               = "axiom-cloudwatch-forwarder"
+  axiom_dataset        = "DATASET_NAME"
   log_groups_prefix    = "/aws/lambda/"
   forwarder_lambda_arn = module.forwarder.lambda_arn
 }