Merge pull request #1 from bailey84j/PC-Initial

feat: initial

README.md

@@ -8,7 +8,7 @@ Terraform module which deploys AWS Load Balancer Controller
 
 ## Examples
 
-- [Standard](https://github.com/bailey84j/terraform-kubernetes-cloudwatch-agent/tree/master/examples/standard): Deploying AWS Load Balancer Controller using the default settings
+- [Standard](https://github.com/bailey84j/terraform-kubernetes-cloudwatch-agent/tree/master/examples/standard): Deploying AWS Cloud Watch Agent using the default settings
 - [Custom](https://github.com/bailey84j/terraform-kubernetes-cloudwatch-agent/tree/master/examples/custom): Customising the deployment to use a different name and namespace 
 
 ## Contributing
@@ -24,14 +24,15 @@ Full contributing [guidelines are covered here](https://github.com/bailey84j/ter
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.8 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.0 |
+| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.63 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.0 |
-| <a name="provider_template"></a> [template](#provider\_template) | n/a |
+| <a name="provider_template"></a> [template](#provider\_template) | >= 2.2.0 |
 
 ## Modules
 
@@ -50,7 +51,6 @@ No modules.
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster.target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.eks_oidc_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [template_file.this](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
@@ -61,7 +61,6 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether a an IAM role is created or to use an existing IAM role for the cloudwatch agent | `bool` | `true` | no |
 | <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | The name of the target Kubernetes Cluster | `string` | n/a | yes |
-| <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `list(string)` | `[]` | no |
 | <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | Existing IAM role ARN for the cloudwatch agent. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
 | <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `"Permissions required by the Kubernetes Cloudwatch to do it's job."` | no |
 | <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |

data.tf

@@ -1,32 +1,11 @@
-// region AWS Data Resources
+# region AWS Data Resources
 data "aws_region" "current" {}
 
-// region EKS Data Resources
+# region EKS Data Resources
 data "aws_eks_cluster" "target" {
   name = var.eks_cluster_name
 }
 
 data "aws_partition" "current" {}
 
-
-data "aws_iam_policy_document" "eks_oidc_assume_role" {
-  statement {
-    actions = ["sts:AssumeRoleWithWebIdentity"]
-    effect  = "Allow"
-    condition {
-      test     = "StringEquals"
-      variable = "${replace(data.aws_eks_cluster.target.identity[0].oidc[0].issuer, "https://", "")}:sub"
-      values = [
-        "system:serviceaccount:${var.namespace}:${var.name}"
-      ]
-    }
-    principals {
-      identifiers = [
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${replace(data.aws_eks_cluster.target.identity[0].oidc[0].issuer, "https://", "")}"
-      ]
-      type = "Federated"
-    }
-  }
-}
-
-data "aws_caller_identity" "current" {}
+data "aws_caller_identity" "current" {}

examples/custom/main.tf

@@ -26,6 +26,8 @@ provider "kubernetes" {
 module "k8s_cloudwatch_agent" {
   source = "../../"
 
+  eks_cluster_name = local.k8s_cluster_name
+
   name = "different-app-name"
 
   namespace = "different-namespace"

examples/standard/main.tf

@@ -25,4 +25,6 @@ provider "kubernetes" {
 
 module "k8s_cloudwatch_agent" {
   source = "../../"
+
+  eks_cluster_name = local.k8s_cluster_name
 }

main.tf

@@ -74,7 +74,7 @@ resource "kubernetes_cluster_role_binding" "this" {
 }
 
 data "template_file" "this" {
-  template = file("${path.module}/cloudwatch/config.tpl")
+  template = file("${path.module}/templates/config.tpl")
   vars = {
     region_name  = data.aws_region.current.name
     cluster_name = data.aws_eks_cluster.target.name
@@ -270,8 +270,7 @@ resource "kubernetes_daemonset" "this" {
 # region aws iam role
 
 locals {
-  iam_role_name     = coalesce(var.iam_role_name, "${var.eks_cluster_name}-${var.name}")
-  policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
+  iam_role_name = coalesce(var.iam_role_name, "${var.eks_cluster_name}-${var.name}")
 }
 # to be updated
 data "aws_iam_policy_document" "assume_role_policy" {
@@ -313,24 +312,24 @@ resource "aws_iam_role" "this" {
     name = "DescribeEC2TagsAndVolumes"
 
     policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "ec2:DescribeTags",
-          "ec2:DescribeVolumes",
-        ]
-        "Resource" : "*"
-      }
-    ]
-  })
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Effect" : "Allow",
+          "Action" : [
+            "ec2:DescribeTags",
+            "ec2:DescribeVolumes",
+          ]
+          "Resource" : "*"
+        }
+      ]
+    })
   }
 
   managed_policy_arns = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"]
 
   tags = merge(var.tags, var.iam_role_tags)
-  
+
 }
 
 # endregion aws iam role

templates/config.tpl

@@ -0,0 +1,14 @@
+{
+  "agent": {
+    "region": "${region_name}"
+  },
+  "logs": {
+    "metrics_collected": {
+      "kubernetes": {
+        "cluster_name": "${cluster_name}",
+        "metrics_collection_interval": 60
+      }
+    },
+    "force_flush_interval": 5
+  }
+}

variables.tf

@@ -16,31 +16,31 @@ variable "prefix_separator" {
 # Cloudwatch
 ################################################################################
 variable "name" {
-    description = "The name of the cloudwatch deployment"
+  description = "The name of the cloudwatch deployment"
   type        = string
-    default = "cloudwatch"
-  
+  default     = "cloudwatch"
+
 }
 
 variable "namespace" {
-      description = "The name of the cloudwatch deployment"
+  description = "The name of the cloudwatch deployment"
   type        = string
-    default = "kube-system"
-  
+  default     = "kube-system"
+
 }
 
 variable "image_name" {
-      description = "The name of the cloudwatch container image"
+  description = "The name of the cloudwatch container image"
   type        = string
-    default = "cloudwatch-agent"
-  
+  default     = "cloudwatch-agent"
+
 }
 
 variable "image_version" {
-      description = "The name of the cloudwatch container image version"
+  description = "The name of the cloudwatch container image version"
   type        = string
-    default = "1.247349.0b251399"
-  
+  default     = "1.247349.0b251399"
+
 }
 
 ################################################################################
@@ -88,13 +88,13 @@ variable "iam_role_permissions_boundary" {
   type        = string
   default     = null
 }
-
+/*
 variable "iam_role_additional_policies" {
   description = "Additional policies to be added to the IAM role"
   type        = list(string)
   default     = []
 }
-
+*/
 variable "iam_role_tags" {
   description = "A map of additional tags to add to the IAM role created"
   type        = map(string)
@@ -107,5 +107,5 @@ variable "iam_role_tags" {
 
 variable "eks_cluster_name" {
   description = "The name of the target Kubernetes Cluster"
-  type        = string  
+  type        = string
 }

versions.tf

@@ -1,6 +1,6 @@
 terraform {
   required_version = ">= 0.14.8"
-  
+
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -10,5 +10,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 3.63"
     }
+    template = {
+      source  = "hashicorp/template"
+      version = ">= 2.2.0"
+    }
   }
 }