From f8a984c5bdd84bbe47f76266d78d1e1b7825173e Mon Sep 17 00:00:00 2001
From: Arnold Sobanski
Date: Fri, 11 Aug 2023 14:39:18 +0100
Subject: [PATCH] chaneges at cloudwatch parameters
---
README.md | 4 ++--
logs.tf | 7 ++++---
main.tf | 2 +-
task-builder.tf | 38 ++++++++++++++++++--------------------
variables.tf | 27 +++++++++++++++++++++++----
5 files changed, 48 insertions(+), 30 deletions(-)
diff --git a/README.md b/README.md
index e11d801..1715e04 100755
--- a/README.md
+++ b/README.md
@@ -238,19 +238,19 @@ module "asset-workers" {
 | [aws\_alb\_listener\_rule\_conditions](#input\_aws\_alb\_listener\_rule\_conditions) | Example [{ type = "host\_header", values = ["google.com"] }, { type = "path\_pattern", values = ["/"] }] |
list(object({
type = string
values = list(string)
}))
| `[]` | no | | [aws\_alb\_listener\_rule\_conditions\_advanced](#input\_aws\_alb\_listener\_rule\_conditions\_advanced) | A list of maps describing the conditions of the rule. The order in which conditions are specified is not significant. Any condition block with a type of path-pattern or host-header must include a values block. For any other condition type, only one values block can be specified. For more information, see the AWS documentation on Listener Rules. Example: |
list(object({
name = string
rules = list(object({
type = string
values = list(string)
http_header_name = optional(string, null)
}))
auth = optional(object({
type = string
authorization_endpoint = optional(string, null) # oidc
client_id = optional(string, null) # oidc
client_secret = optional(string, null) # oidc
issuer = optional(string, null) # oidc
token_endpoint = optional(string, null) # oidc
user_info_endpoint = optional(string, null) # oidc
authentication_request_extra_params = optional(list(string), null) # cognito
on_unauthenticated_request = optional(string, null) # cognito
scope = optional(string, null) # cognito
session_cookie_name = optional(string, null) # cognito
session_timeout = optional(number, null) # cognito
user_pool_arn = optional(string, null) # cognito
user_pool_client_id = optional(string, null) # cognito
user_pool_domain = optional(string, null) # cognito
}), null)
}))
| `null` | no | | [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | n/a |
list(object({
capacity_provider = string
weight = optional(number, 1)
base = optional(number, 0)
}))
| `[]` | no | +| [cloudwatch\_logs](#input\_cloudwatch\_logs) | Cloudwatch logs configuration |
object({
enabled = optional(bool, true)
retention_in_days = optional(number, 30)
})
|
{
"enabled": true,
"retention_in_days": 30
}
| no | | [cron](#input\_cron) | Allows to set cron jobs using aws event bridge please check examples |
object({
settings = list(object({
name = string
args = list(string)
schedule_expression = string
desired_count = optional(number, 1)
})),
execution_script = list(string)
})
| `null` | no | | [deployment](#input\_deployment) | Desired count will be ignored after first deployment |
object({
first_deployment_desired_count = optional(number, 1) # I have no idea
minimum_healthy_percent = optional(number, 50)
maximum_healthy_percent = optional(number, 200)
enable_asg = optional(bool, false)
auto_scaling = optional(object({
minimum = number
maximum = number
rules = list(object({
name = string
metric = string
metric_period = number
cooldown = number
threshold = number
period = number
comparison_operator = string
statistic = string
evaluation_periods = number
scaling_adjustment = number
}))
}))
})
| n/a | yes | | [docker\_labels](#input\_docker\_labels) | Docker labels to be added to the container. The labels map is a set of key/value pairs. Application container is named var.application\_config.name .To add labels to webserver you have to set container\_name to webserver name for example nginx. |
list(object({
container_name = string
labels = optional(map(string), {})
}))
| `[]` | no | | [ecs\_settings](#input\_ecs\_settings) | n/a |
object({
ecs_launch_type = string,
ecs_cluster_name = string,
run_type = string,
})
| n/a | yes | | [enable\_code\_build](#input\_enable\_code\_build) | Enable code build | `bool` | `false` | no | -| [fargate\_datadog\_sidecar\_parameters](#input\_fargate\_datadog\_sidecar\_parameters) | n/a |
object({
image = string
dd_site = string
key = string
})
|
{
"dd_site": "datadoghq.eu",
"image": "public.ecr.aws/datadog/agent:latest",
"key": null
}
| no | +| [fargate\_datadog\_sidecar\_parameters](#input\_fargate\_datadog\_sidecar\_parameters) | n/a |
object({
image = optional(string, "public.ecr.aws/datadog/agent:latest")
dd_site = optional(string, "datadoghq.eu")
key = string
})
|
{
"dd_site": "datadoghq.eu",
"image": "public.ecr.aws/datadog/agent:latest",
"key": null
}
| no | | [health\_checks](#input\_health\_checks) | Health check configuration for the service. |
list(object({
enabled = optional(bool, true)
healthy_threshold = number
interval = number
matcher = string
path = string
timeout = number
unhealthy_threshold = number
}))
|
[
{
"enabled": true,
"healthy_threshold": 5,
"interval": 10,
"matcher": 200,
"path": "/",
"timeout": 10,
"unhealthy_threshold": 5
}
]
| no | | [list\_of\_secrets\_in\_secrets\_manager\_to\_load](#input\_list\_of\_secrets\_in\_secrets\_manager\_to\_load) | List of names of secret manager secrets to load by theirs name. Module will load all secrets from secret manager and put them to envs. | `set(string)` | `[]` | no | | [network\_lb](#input\_network\_lb) | Network load balancer configuration |
object({
nlb_arn = string,
port_configuration = set(object({
protocol = string,
port = number
}))
})
|
{
"nlb_arn": "",
"port_configuration": []
}
| no | | [network\_mode](#input\_network\_mode) | The network mode to use for the tasks. The valid values are awsvpc, bridge, host, and none. If no network mode is specified, the default is bridge. | `string` | `null` | no | | [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html |
list(object({
type = string
field = optional(string, null)
}))
|
[
{
"field": "attribute:ecs.availability-zone",
"type": "spread"
}
]
| no | | [placement\_constraints](#input\_placement\_constraints) | Placement constraints for the task |
list(object({
type = string
expression = string
}))
| `[]` | no |
-| [retention\_in\_days](#input\_retention\_in\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `30` | no |
 | [scheduling\_strategy](#input\_scheduling\_strategy) | Scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Tasks using the Fargate launch type or the CODE\_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy. | `string` | `"REPLICA"` | no |
 | [security\_groups](#input\_security\_groups) | Setting requires network\_mode to be set to awsvpc. | `list(string)` | `[]` | no |
 | [service\_policy](#input\_service\_policy) | please use aws\_iam\_policy\_document to define your policy | `string` | `""` | no |
diff --git a/logs.tf b/logs.tf
index 48a6faa..dec6d16 100644
--- a/logs.tf
+++ b/logs.tf
@@ -1,14 +1,15 @@
 #tfsec:ignore:aws-cloudwatch-log-group-customer-key
 resource "aws_cloudwatch_log_group" "task_log_group" {
+ count = var.cloudwatch_logs.enabled ? 1 : 0
 name = "/ecs/${lower(var.ecs_settings.run_type)}/${var.application_config.environment}-${var.application_config.name}"
- retention_in_days = var.retention_in_days
+ retention_in_days = var.cloudwatch_logs.retention_in_days
 tags = local.tags
 }
 
 #tfsec:ignore:aws-cloudwatch-log-group-customer-key
 resource "aws_cloudwatch_log_group" "task_log_group_webserver" {
- count = var.web_server.enabled != null ? 1 : 0
+ count = var.web_server.enabled != null || var.cloudwatch_logs.enabled ? 1 : 0
 name = "/ecs/${lower(var.ecs_settings.run_type)}/${var.application_config.environment}-${var.application_config.name}-${var.web_server.name}"
- retention_in_days = var.retention_in_days
+ retention_in_days = var.cloudwatch_logs.retention_in_days
 tags = local.tags
 }
diff --git a/main.tf b/main.tf
index 9fb4bb7..21fa124 100644
--- a/main.tf
+++ b/main.tf
@@ -32,6 +32,6 @@ locals {
 WORKER = [local.worker_standard_container_configuration],
 CRON = [local.worker_standard_container_configuration],
 }
- datadog_sidecar = concat([local.datadog_fargate_sidecar], [local.task_app_configuration[var.ecs_settings.run_type]])
+ datadog_sidecar = concat([local.datadog_fargate_sidecar], local.task_app_configuration[var.ecs_settings.run_type])
 running_container_definitions = var.ecs_settings.ecs_launch_type == "FARGATE" && var.fargate_datadog_sidecar_parameters.key != null ? jsonencode(local.datadog_sidecar) : jsonencode(local.task_app_configuration[var.ecs_settings.run_type])
 }
diff --git a/task-builder.tf b/task-builder.tf
index 451312d..0660a49 100644
--- a/task-builder.tf
+++ b/task-builder.tf
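Review bot: The new `count` on `task_log_group_webserver` joins the two conditions with `||`, so the webserver log group is created whenever `var.cloudwatch_logs.enabled` is true even when no web server is configured, and turning `cloudwatch_logs.enabled` off does not remove it as long as `var.web_server.enabled != null`. The intent reads as both conditions having to hold: `count = var.web_server.enabled != null && var.cloudwatch_logs.enabled ? 1 : 0`. Since `name` interpolates `var.web_server.name`, the extra group would be named from a web-server config that may not be populated; how `web_server` is typed is outside this hunk, so that part is inferred.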
@@ -43,7 +43,7 @@ locals {
 log_configuration = {
 logDriver = "awslogs",
 options = {
- awslogs-group = aws_cloudwatch_log_group.task_log_group.name,
+ awslogs-group = aws_cloudwatch_log_group.task_log_group[0].name,
 awslogs-region = data.aws_region.current.name,
 awslogs-create-group = "true",
 awslogs-stream-prefix = "ecs",
@@ -78,12 +78,14 @@ locals {
 }
 datadog_fargate_sidecar = {
- name = "datadog"
- image = var.fargate_datadog_sidecar_parameters.image,
+ name = "datadog"
+ image = var.fargate_datadog_sidecar_parameters.image,
+ logConfiguration = local.log_configuration
+
 environment = [
 {
 name = "DD_API_KEY"
- value = var.fargate_datadog_sidecar_parameters
+ value = var.fargate_datadog_sidecar_parameters.key
 },
 {
 name = "ECS_FARGATE",
@@ -92,30 +94,26 @@ locals {
 {
 name = "DD_SITE"
 value = var.fargate_datadog_sidecar_parameters.dd_site
+ },
+ {
+ name = "DD_APM_ENABLED"
+ value = "true"
 }
 ],
+ # healthCheck = {
+ # retries = "3",
+ # command = ["CMD-SHELL", "agent health"],
+ # timeout = 5,
+ # interval = 30,
+ # startPeriod = 15
+ # }
+
 }
 ######################## OTHER #####################
-
 environmentFiles = [
 {
 value : try("arn:aws:s3:::${var.store_secrets_at_s3.bucket_name}${aws_s3_object.secrets[0].key}", ""),
 type : "s3"
 }
 ]
-
-
-}
-
-variable "fargate_datadog_sidecar_parameters" {
- type = object({
- image = string
- dd_site = string
- key = string
- })
- default = {
- image = "public.ecr.aws/datadog/agent:latest",
- dd_site = "datadoghq.eu"
- key = null
- }
 }
diff --git a/variables.tf b/variables.tf
index cd0cc0e..9e1fdb4 100644
--- a/variables.tf
+++ b/variables.tf
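Review bot: `aws_cloudwatch_log_group.task_log_group[0].name` is referenced unconditionally in `log_configuration`, so the `cloudwatch_logs.enabled = false` option this commit introduces in logs.tf cannot actually be used: with `count = 0` the index is invalid and the plan fails instead of producing a task definition. `awslogs-group = one(aws_cloudwatch_log_group.task_log_group[*].name),` removes the hard index, but a null group is not a valid awslogs option, so the whole driver block has to be omitted when logging is disabled, which means deciding what "disabled" is supposed to mean. Note that with `awslogs-create-group = "true"` left in place, a task that still carries the driver block would have the ECS agent create the group outside Terraform, with no retention policy and no tags, so logs would be kept indefinitely rather than not kept. The `log_configuration` local continues past the end of this hunk.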
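Review bot: `DD_API_KEY` is passed as a plain `environment` value, so the Datadog API key is stored in cleartext in the registered task definition (readable by any principal with `ecs:DescribeTaskDefinition`), in the Terraform state, and in plan output. ECS container definitions accept a `secrets` list whose entries use `valueFrom` with a Secrets Manager or SSM Parameter Store ARN, resolved by the task execution role at launch; moving the key there, e.g. `secrets = [{ name = "DD_API_KEY", valueFrom = var.fargate_datadog_sidecar_parameters.key_secret_arn }]` (attribute name illustrative, it would be a new input), keeps it out of the definition and state and only requires read access on that one secret for the execution role. Until then the `key` attribute should at least be declared `sensitive` where the variable is defined. The enclosing `datadog_fargate_sidecar` local starts and ends outside this hunk.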
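Review bot: The commented-out `healthCheck` block is dead code committed into the container definition; either enable it or drop it, and if it is kept as a reminder a one-line `# TODO:` stating why it is disabled would be more useful than the full block. In the same hunk `DD_APM_ENABLED` is hard-coded to `"true"`, so every consumer that supplies a key gets the agent's APM component switched on without a way to opt out; exposing it as `apm_enabled = optional(bool, false)` on `fargate_datadog_sidecar_parameters` and using `value = tostring(var.fargate_datadog_sidecar_parameters.apm_enabled)` would keep the default conservative.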
@@ -305,10 +305,16 @@ variable "volumes_mount_point" {
 description = "Volumes mount point at host"
 }
 
-variable "retention_in_days" {
- type = number
- default = 30
- description = "(Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire."
+variable "cloudwatch_logs" {
+ type = object({
+ enabled = optional(bool, true)
+ retention_in_days = optional(number, 30)
+ })
+ default = {
+ enabled = true
+ retention_in_days = 30
+ }
+ description = "Cloudwatch logs configuration"
 }
 
 variable "ordered_placement_strategy" {
@@ -347,3 +353,16 @@ variable "capacity_provider_strategy" {
 base = optional(number, 0)
 }))
 }
+
+variable "fargate_datadog_sidecar_parameters" {
+ type = object({
+ image = optional(string, "public.ecr.aws/datadog/agent:latest")
+ dd_site = optional(string, "datadoghq.eu")
+ key = string
+ })
+ default = {
+ image = "public.ecr.aws/datadog/agent:latest",
+ dd_site = "datadoghq.eu"
+ key = null
+ }
+}
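Review bot: The new `cloudwatch_logs` variable drops the list of accepted `retention_in_days` values that the removed `retention_in_days` description carried, and `"Cloudwatch logs configuration"` does not say what `enabled = false` does. An unsupported retention value is only rejected by the API at apply time, so restoring the accepted list as a `validation` block fails fast at plan time and keeps the documentation where the input is defined; the list below is the one from the removed description, extend it if the provider accepts further values. In the second hunk, `fargate_datadog_sidecar_parameters.key` carries the Datadog API key but the variable has neither `sensitive = true` nor a `description`, so the key is echoed in plan and apply output; add `sensitive = true` and state that `key` is the API key and that `null` leaves the sidecar out (main.tf only attaches it when `key != null`). Marking it sensitive does not keep it out of the state file or the registered task definition, which only a `secrets`/`valueFrom` reference in the container definition avoids.
```hcl
variable "cloudwatch_logs" {
  # … unchanged: type and default …
  description = "CloudWatch Logs configuration. enabled = false skips creation of the Terraform-managed log group; retention_in_days must be one of the CloudWatch retention values (0 = never expire)."
  validation {
    condition     = contains([0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653], var.cloudwatch_logs.retention_in_days)
    error_message = "retention_in_days must be one of the CloudWatch Logs retention values (0 = never expire)."
  }
}
```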