scribd · jim80net · Apr 30, 2020 · Apr 30, 2020 · Apr 30, 2020 · Apr 30, 2020
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+*.zip filter=lfs diff=lfs merge=lfs -text
diff --git a/.github/workflows/validate_and_release.yml b/.github/workflows/validate_and_release.yml
@@ -7,7 +7,6 @@ on:
 jobs:
   terraform:
     name: 'Terraform'
-    id: terraform
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout'

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# [1.3.0-alpha.1](https://github.com/scribd/terraform-elasticache-slowlog-to-datadog/compare/v1.2.1...v1.3.0-alpha.1) (2020-04-30)
+
+
+### Bug Fixes
+
+* give up on using null_resource to save on shipping a binary ([8144204](https://github.com/scribd/terraform-elasticache-slowlog-to-datadog/commit/814420446e1bad24edc00867659550b0e3a98370))
+
+
+### Features
+
+* enable multiple invocations of the module in a single account ([9a7a764](https://github.com/scribd/terraform-elasticache-slowlog-to-datadog/commit/9a7a7648c3929e3e3a9f0c06a6f0b03cd644eca8))
+
 ## [1.2.1](https://github.com/scribd/terraform-elasticache-slowlog-to-datadog/compare/v1.2.0...v1.2.1) (2020-04-29)
 
 

diff --git a/files/slowlog_check.1.0.1.zip b/files/slowlog_check.1.0.1.zip
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,10 @@
+locals {
+  slowlog_check_archive_basename = "slowlog_check.1.0.1.zip"
+  slowlog_check_archive_hash     = "Xn5bMbrSmVqdHMjchEAk/r2TJT6cHdQfIXRIaZo7vdQ=" # generated with filebase64sha256()
+  slowlog_check_archive_path     = "${path.module}/files/${local.slowlog_check_archive_basename}"
+
+  search_replication_group    = "(?P<first>[0-9A-Za-z_-]+)\\.(?P<second>[0-9A-Za-z_-]+)\\.{0,1}(?P<third>[0-9A-Za-z_]*)\\.(?P<region>[0-9A-Za-z_-]+)\\.cache\\.amazonaws\\.com:{0,1}(?P<port>[0-9]*)"
+  parsed_elasticache_endpoint = regex(local.search_replication_group, var.elasticache_endpoint)
+  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Endpoints.html
+  replication_group = contains(["clustercfg", "master"], local.parsed_elasticache_endpoint["first"]) ? local.parsed_elasticache_endpoint["second"] : local.parsed_elasticache_endpoint["first"]
+}
diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 resource aws_cloudwatch_event_rule slowlog_check {
   name_prefix         = "slowlog_check_every_minute"
-  description         = "Check for slowlogs every five minutes"
+  description         = "Check for slowlogs every minute"
   schedule_expression = "rate(1 minute)"
   tags                = var.tags
 }
@@ -20,7 +20,7 @@ resource aws_lambda_permission slowlog_check {
 
 
 resource aws_iam_role slowlog_check {
-  name = "slowlog_check"
+  name_prefix = "slowlog_check"
 
   assume_role_policy = <<EOF
 {
@@ -40,7 +40,7 @@ EOF
 }
 
 resource aws_iam_policy slowlog_check {
-  name        = "slowlog_check"
+  name_prefix = "slowlog_check"
   path        = "/"
   description = "This IAM policy allows the slowlog_check to run"
 
@@ -94,23 +94,16 @@ resource aws_security_group egress {
   tags = var.tags
 }
 
-resource null_resource get_slowlog_check_archive {
-  provisioner local-exec {
-    command     = "wget https://github.com/scribd/elasticache-slowlog-to-datadog/releases/download/v1.0.1/slowlog_check.1.0.1.zip"
-    working_dir = path.module
-  }
-}
-
 resource aws_ssm_parameter datadog_api_key {
-  name        = "/${var.ssm_path}/DATADOG_API_KEY"
+  name        = "/${var.ssm_path}/${local.replication_group}/DATADOG_API_KEY"
   description = "Datadog API Key"
   tags        = var.tags
   type        = "SecureString"
   value       = var.datadog_api_key
 }
 
 resource aws_ssm_parameter datadog_app_key {
-  name        = "/${var.ssm_path}/DATADOG_APP_KEY"
+  name        = "/${var.ssm_path}/${local.replication_group}/DATADOG_APP_KEY"
   description = "Datadog App Key"
   tags        = var.tags
   type        = "SecureString"
@@ -119,9 +112,9 @@ resource aws_ssm_parameter datadog_app_key {
 
 
 resource "aws_lambda_function" "slowlog_check" {
-  function_name    = "slowlog_check"
-  filename         = "${path.module}/slowlog_check.1.0.1.zip"
-  source_code_hash = "Xn5bMbrSmVqdHMjchEAk/r2TJT6cHdQfIXRIaZo7vdQ="
+  function_name    = "slowlog_check_for_${local.replication_group}"
+  filename         = local.slowlog_check_archive_path
+  source_code_hash = local.slowlog_check_archive_hash
   role             = aws_iam_role.slowlog_check.arn
   handler          = "lambda_function.lambda_handler"
   runtime          = "ruby2.5"
@@ -134,15 +127,14 @@ resource "aws_lambda_function" "slowlog_check" {
   environment {
     variables = {
       REDIS_HOST = var.elasticache_endpoint
-      SSM_PATH   = "${var.ssm_path}"
+      SSM_PATH   = "${var.ssm_path}/${local.replication_group}"
       NAMESPACE  = var.namespace
       ENV        = var.env
       METRICNAME = var.metric_name
     }
   }
 
-  tags       = var.tags
-  depends_on = [null_resource.get_slowlog_check_archive]
+  tags = var.tags
 }
 
 resource aws_lambda_function_event_invoke_config slowlog_check {

diff --git a/vars.tf b/vars.tf
@@ -39,7 +39,7 @@ variable metric_name {
 }
 
 variable ssm_path {
-  description = "Custom SSM path to provision Datadog access ID's in. Leading slash ommitted."
+  description = "Custom SSM path to provision Datadog access ID's in. Leading slash ommitted. The final SSM paths will look like: `/$ssm_path/$replication_group/DATADOG_API_KEY`"
   default     = "slowlog_check"
 }