terraform-aws-route53-query-logs

Configures query logging on an existing Route53 hosted zone.

BSD-3-CLAUSE License


This module configures query logging on an existing Route53 hosted zone.

NOTE: AWS only supports sending Route53 logs in us-east-1, so we must create all the resources in that region.

In order to use this module, you will need to define a us-east-1 provider using the following code:

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

ADDITIONAL NOTE: An AWS account can have at most ten CloudWatch log resource policies in place. If you plan to have several instances of this module, it is recommended that only one has create_resource_policy set to true and the others have it set to false.
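To decide whether a new instance of this module should set create_resource_policy to false, the following added example (not part of the module or its README) audits the JSON returned by `aws logs describe-resource-policies --region us-east-1`. The sample input and its policy names are constructed, the ten-policy limit is the figure stated above, and the check looks only at principal and action, not at the Resource scope of an existing policy.

```python
import json

POLICY_LIMIT = 10  # per-account limit stated in this README
ROUTE53_PRINCIPAL = "route53.amazonaws.com"
WRITE_ACTIONS = {"logs:PutLogEvents", "logs:*", "*"}

def _as_list(value):
    """IAM JSON allows a scalar or a list for Statement, Action and Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allows_route53_logging(policy_document):
    """True if an Allow statement lets the Route53 service write log events."""
    try:
        doc = json.loads(policy_document)
    except (TypeError, ValueError):
        return False
    if not isinstance(doc, dict):
        return False
    for stmt in _as_list(doc.get("Statement")):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and ROUTE53_PRINCIPAL in services
                and WRITE_ACTIONS & set(_as_list(stmt.get("Action")))):
            return True
    return False

def audit(describe_output, limit=POLICY_LIMIT):
    """Summarise resource-policy usage and suggest a create_resource_policy value."""
    policies = describe_output.get("resourcePolicies", [])
    route53 = [p["policyName"] for p in policies
               if allows_route53_logging(p.get("policyDocument"))]
    return {
        "count": len(policies),
        "remaining": max(limit - len(policies), 0),
        "route53_policies": route53,
        # Suggest true only when no Route53 policy exists yet and a slot is free.
        "create_resource_policy": not route53 and len(policies) < limit,
    }

def _policy(name, service, action):  # builds one constructed sample entry
    stmt = {"Effect": "Allow", "Principal": {"Service": service},
            "Action": action, "Resource": "*"}
    return {"policyName": name, "policyDocument": json.dumps({"Statement": [stmt]})}

SAMPLE = {"resourcePolicies": [  # constructed, not real account data
    _policy("example-route53-query-logs", ROUTE53_PRINCIPAL,
            ["logs:CreateLogStream", "logs:PutLogEvents"]),
    _policy("example-other-service", "es.amazonaws.com", "logs:PutLogEvents")]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```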

Creates the following resources:

  • CloudWatch log group for storing Route53 query logs
  • IAM Policy for allowing logs to be written
  • Route53 query logging service

Usage

module "r53_query_logging" {
  source  = "trussworks/route53-query-logs/aws"
  version = "~> 3.0.0"

  providers = {
    aws.us-east-1 = aws.us-east-1
  }

  logs_cloudwatch_retention = 30
  zone_id                   = aws_route53_zone.my_zone.zone_id
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.0 |
| aws.us-east-1 | >= 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.main | resource |
| aws_cloudwatch_log_resource_policy.main | resource |
| aws_route53_query_log.main | resource |
| aws_iam_policy_document.main | data source |
| aws_route53_zone.main | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| create_resource_policy | Specifies whether the module should create the resource policy. | bool | true | no |
| logs_cloudwatch_retention | Specifies the number of days you want to retain log events in the log group. | string | 90 | no |
| zone_id | Route53 zone ID. | string | n/a | yes |

Outputs

No outputs.
