Terraform support #374

Open
bryantbiggs opened this issue Oct 16, 2020 · 1 comment
Labels
rds related to the rds_enhanced_monitoring function vpc

bryantbiggs commented Oct 16, 2020

Hello! I have created a Terraform module(s) which supports the functionality you all have created here (plus the ability to create the VPC PrivateLink endpoints):

Everything works great with the log forwarder (logs_monitoring) since the forwarder's lambda zip archive is packaged and hosted with each release. However, Terraform does work great with dynamic files, especially when downloading and zipping - within ephemeral environments like CI/CD these files will not always be present and this throws a wrench in the process when checking state for changes/etc. For now I have found a workaround for the VPC Flow Log forwarder and RDS Enhanced Monitoring forwarder by basically vendoring the Lambda files as local zip archives that can be referenced by the modules:

This works but it's not great for a few reasons:

  1. I personally don't think it's a great idea that users "trust" that these archives do not contain malicious code. It's very easy and simple to inspect as they are simple Python scripts. However, it's still not ideal.
  2. I have only added support for v3.x for simplicity currently. However, others might be using earlier versions
  3. I must manually re-run the script if you all publish a new version here before users can utilize this new version. Ideally this would be transparent and any versions you all release here would simply be referenced and used by the modules themselves

Would it be possible to start packaging the VPC Flow Log forwarder and RDS Enhanced Monitoring forwarder as zip archives in the releases? I didn't see any release workflows in the GitHub actions folder otherwise I would have looked at opening a PR myself to try adding this. Let me know your thoughts - and thank you!
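
Point 1 of the post above (users having to trust vendored archives) can be checked mechanically. The following is an added example, not part of the original issue and not code from either project: it compares every member of a vendored zip against SHA-256 digests pinned from the upstream source. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_zip(files: dict) -> bytes:
    """Build an in-memory zip (stands in for a vendored Lambda archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def audit_archive(zip_bytes: bytes, expected: dict) -> list:
    """Return sorted findings; an empty list means the archive holds exactly
    the pinned files. `expected` maps member name -> SHA-256 hex digest
    computed from the upstream source at the pinned release."""
    findings, seen = [], set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"unsafe path: {name}")
            elif name in seen:
                findings.append(f"duplicate member: {name}")
            elif name not in expected:
                findings.append(f"unexpected member: {name}")
            elif sha256_hex(zf.read(info)) != expected[name]:
                findings.append(f"hash mismatch: {name}")
            seen.add(name)
    findings += [f"missing member: {n}" for n in expected if n not in seen]
    return sorted(findings)

# Constructed sample data, not the real forwarder source.
UPSTREAM = {"lambda_function.py": b"def lambda_handler(event, context):\n    return 'ok'\n"}
PINNED = {name: sha256_hex(data) for name, data in UPSTREAM.items()}
CLEAN_ZIP = build_zip(UPSTREAM)
TAMPERED_ZIP = build_zip({
    "lambda_function.py": UPSTREAM["lambda_function.py"] + b"import os\n",
    "helper.py": b"print('extra')\n",
})

if __name__ == "__main__":
    print(audit_archive(CLEAN_ZIP, PINNED))
    print(audit_archive(TAMPERED_ZIP, PINNED))
```

Run in CI against the vendored archive, a non-empty result fails the build before Terraform ever references the zip.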

@bryantbiggs

any thoughts on this?

@agocs agocs added rds related to the rds_enhanced_monitoring function vpc labels Jul 7, 2021