Logging and role configuration speerated

2022-12-16 22:05:21 -08:00 · 2022-12-16 22:05:21 -08:00 · fafaae4ba7
commit fafaae4ba7
parent 791d950821
2 changed files with 52 additions and 0 deletions
--- a/infra/cluster-logging.tf
+++ b/infra/cluster-logging.tf
@ -0,0 +1,28 @@
+# Logging Configuration for services inside the cluster
+#######################################################
+
+# Alpha Cloudwatch logging configuration
+########################################
+resource "aws_cloudwatch_log_group" "alpha" {
+  name = "${var.athens_prefix}-alpha-log"
+  retention_in_days = 7
+}
+
+# Alpha logging role 
+#####################
+resource "aws_iam_role" "alpha_iam_role" {
+  name = "${var.athens_prefix}-alpha-iam-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Principal = {
+          Service = [ "ecs-tasks.amazonaws.com" ]
+        }
+        Effect = "Allow"
+      }
+    ]
+  })
+}
+
--- a/infra/roles.tf
+++ b/infra/roles.tf
@ -0,0 +1,24 @@
+resource "aws_iam_policy" "alpha_iam_policy" {
+  name = "${var.athens_prefix}-alpha-iam-policy"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:DescribeLogStreams",
+          "logs:PutLogEvents",
+        ]
+        "Resource" = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "alpha_logs" {
+  role        = aws_iam_role.alpha_iam_role.name
+  policy_arn  = aws_iam_policy.alpha_iam_policy.arn
+}
+