Merge pull request #41 from AlexanderIakovlev/feature/optional_cloudwatch_logs

optional cloudwatch logs

Author: lgallard

README.md

@@ -143,6 +143,7 @@ No modules.
 | <a name="input_advanced_security_options_master_user_arn"></a> [advanced\_security\_options\_master\_user\_arn](#input\_advanced\_security\_options\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
 | <a name="input_advanced_security_options_master_user_password"></a> [advanced\_security\_options\_master\_user\_password](#input\_advanced\_security\_options\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
 | <a name="input_advanced_security_options_master_user_username"></a> [advanced\_security\_options\_master\_user\_username](#input\_advanced\_security\_options\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
+| <a name="input_cloudwatch_log_enabled"></a> [cloudwatch\_log\_enabled](#input\_cloudwatch\_log\_enabled) | Change to false to avoid deploying any Cloudwatch Logs resources | `bool` | `true` | no |
 | <a name="input_cluster_config"></a> [cluster\_config](#input\_cluster\_config) | Cluster configuration of the domain | `any` | `{}` | no |
 | <a name="input_cluster_config_availability_zone_count"></a> [cluster\_config\_availability\_zone\_count](#input\_cluster\_config\_availability\_zone\_count) | Number of Availability Zones for the domain to use with | `number` | `3` | no |
 | <a name="input_cluster_config_dedicated_master_count"></a> [cluster\_config\_dedicated\_master\_count](#input\_cluster\_config\_dedicated\_master\_count) | Number of dedicated master nodes in the cluster | `number` | `3` | no |

iam.tf

@@ -1,12 +1,12 @@
 resource "aws_cloudwatch_log_group" "es_cloudwatch_log_group" {
-  count             = var.enabled ? 1 : 0
+  count             = var.enabled && var.cloudwatch_log_enabled ? 1 : 0
   name              = "${var.domain_name}-log_group"
   tags              = var.tags
   retention_in_days = var.log_publishing_options_retention
 }
 
 resource "aws_cloudwatch_log_resource_policy" "es_aws_cloudwatch_log_resource_policy" {
-  count       = var.enabled ? 1 : 0
+  count       = var.enabled && var.cloudwatch_log_enabled ? 1 : 0
   policy_name = "${var.domain_name}-policy"
 
   policy_document = <<CONFIG

main.tf

@@ -248,7 +248,7 @@ locals {
   # If no log_publishing_options list is provided, build a log_publishing_options using the default values
   log_publishing_options_default = {
     log_type                 = lookup(var.log_publishing_options, "log_type", null) == null ? var.log_publishing_options_log_type : lookup(var.log_publishing_options, "log_type")
-    cloudwatch_log_group_arn = lookup(var.log_publishing_options, "cloudwatch_log_group_arn", null) == null ? (var.log_publishing_options_cloudwatch_log_group_arn == "" && var.enabled ? aws_cloudwatch_log_group.es_cloudwatch_log_group[0].arn : var.log_publishing_options_cloudwatch_log_group_arn) : lookup(var.log_publishing_options, "cloudwatch_log_group_arn")
+    cloudwatch_log_group_arn = lookup(var.log_publishing_options, "cloudwatch_log_group_arn", null) == null ? (var.log_publishing_options_cloudwatch_log_group_arn == "" && var.enabled && var.cloudwatch_log_enabled ? aws_cloudwatch_log_group.es_cloudwatch_log_group[0].arn : var.log_publishing_options_cloudwatch_log_group_arn) : lookup(var.log_publishing_options, "cloudwatch_log_group_arn")
     enabled                  = lookup(var.log_publishing_options, "enabled", null) == null ? var.log_publishing_options_enabled : lookup(var.log_publishing_options, "enabled")
   }
 

variables.tf

@@ -24,6 +24,11 @@ variable "enabled" {
   default     = true
 }
 
+variable "cloudwatch_log_enabled" {
+  description = "Change to false to avoid deploying any Cloudwatch Logs resources"
+  type        = bool
+  default     = true
+}
 
 # Advanced security options
 variable "advanced_security_options" {