fix: edge case when not logging to cloudwatch (nozaq#161)

willfarrell · nozaq · web-flow · commit a87c731f5190 · 2020-12-30T03:16:41.000+09:00
* fix: edge case with not logging to cloudwatch

* fix: require cloudwatch logs for alarms

Co-authored-by: nozaq &lt;code@nozaq.com&gt;
diff --git a/main.tf b/main.tf
@@ -65,9 +65,9 @@ module "cloudtrail_baseline" {
 module "alarm_baseline" {
   source = "./modules/alarm-baseline"
 
-  enabled                   = local.is_cloudtrail_enabled
+  enabled                   = local.is_cloudtrail_enabled && var.cloudtrail_cloudwatch_logs_enabled
   alarm_namespace           = var.alarm_namespace
-  cloudtrail_log_group_name = local.is_cloudtrail_enabled ? module.cloudtrail_baseline.log_group.name : ""
+  cloudtrail_log_group_name = local.is_cloudtrail_enabled ? module.cloudtrail_baseline.log_group : ""
   sns_topic_name            = var.alarm_sns_topic_name
 
   tags = var.tags
diff --git a/modules/cloudtrail-baseline/outputs.tf b/modules/cloudtrail-baseline/outputs.tf
@@ -20,5 +20,5 @@ output "log_delivery_iam_role" {
 
 output "log_group" {
   description = "The CloudWatch Logs log group which stores CloudTrail events."
-  value       = var.cloudwatch_logs_enabled && var.enabled ? aws_cloudwatch_log_group.cloudtrail_events[0] : null
+  value       = var.cloudwatch_logs_enabled && var.enabled ? aws_cloudwatch_log_group.cloudtrail_events[0].name : null
 }

Original file line number	Diff line number	Diff line change
`@@ -20,5 +20,5 @@ output "log_delivery_iam_role" {`
`20`	`20`
`21`	`21`	`output "log_group" {`
`22`	`22`	`description = "The CloudWatch Logs log group which stores CloudTrail events."`
`23`		`- value = var.cloudwatch_logs_enabled && var.enabled ? aws_cloudwatch_log_group.cloudtrail_events[0] : null`
	`23`	`+ value = var.cloudwatch_logs_enabled && var.enabled ? aws_cloudwatch_log_group.cloudtrail_events[0].name : null`
`24`	`24`	`}`