feat: allow disabling cloudwatch logs for es
Adds a new configuration option to allow disabling cloudwatch
for ES in case it's not required or the credentials being used
don't have the appropriate permissions.
fmartingr committed Nov 26, 2024
1 parent 134b92b commit ed78330
Showing 9 changed files with 47 additions and 18 deletions.
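--- a/config/deployer.sample.json
+++ b/config/deployer.sample.json
@@ -32,7 +32,8 @@
 "RestoreTimeoutMinutes": 45,
 "ClusterTimeoutMinutes": 45,
 "ZoneAwarenessEnabled": false,
-"ZoneAwarenessAZCount": 2
+"ZoneAwarenessAZCount": 2,
+"EnableCloudwatchLogs": true
 },
 "RedisSettings": {
 "Enabled": false,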
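--- a/config/deployer.sample.toml
+++ b/config/deployer.sample.toml
@@ -62,6 +62,7 @@ InstanceType = 'r6g.large.search'
 Version = 'Elasticsearch_7.10'
 ZoneAwarenessEnabled = false
 ZoneAwarenessAZCount = 2
+EnableCloudwatchLogs = true
 
 [ExternalBucketSettings]
 AmazonS3AccessKeyId = ''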
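--- a/deployment/config.go
+++ b/deployment/config.go
@@ -334,6 +334,8 @@ type ElasticSearchSettings struct {
 ZoneAwarenessEnabled bool `default:"false"`
 // ZoneAwarenessAZCount indicates the number of availability zones to use for zone awareness.
 ZoneAwarenessAZCount int `default:"2" validate:"range:[1,3]"`
+// EnableCloudwatchLogs indicates whether to enable Cloudwatch logs or not.
+EnableCloudwatchLogs bool `default:"true"`
 }
 
 type RedisSettings struct {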
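Review bot: The doc comment on `EnableCloudwatchLogs` does not say which logs the flag controls or what is skipped when it is false. Judging from the other files in this commit, it gates the Elasticsearch log group, the domain's `log_publishing_options` and the CloudWatch Logs policy check in `Create`, so I would write `// EnableCloudwatchLogs controls whether the Elasticsearch domain publishes its application logs to CloudWatch. When false, the log group and the CloudWatch Logs resource policy are not created.` Turning it off leaves the domain with no application logs to investigate from, which is worth stating where operators read the setting. The struct starts above the hunk.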
12 changes: 6 additions & 6 deletions deployment/terraform/assets/bindata.go

Large diffs are not rendered by default.

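--- a/deployment/terraform/assets/elasticsearch.tf
+++ b/deployment/terraform/assets/elasticsearch.tf
@@ -67,9 +67,17 @@ resource "aws_iam_role_policy_attachment" "es_attach" {
 }
 */
 resource "aws_cloudwatch_log_group" "es_log_group" {
+count = var.es_enable_cloudwatch_logs ? 1 : 0
 name = "${var.cluster_name}-log-group"
 }
 
+data "aws_subnets" "selected" {
+filter {
+name = "vpc-id"
+values = [var.cluster_vpc_id]
+}
+}
+
 resource "aws_opensearch_domain" "es_server" {
 tags = {
 Name = "${var.cluster_name}-es_server"
@@ -79,7 +87,7 @@ resource "aws_opensearch_domain" "es_server" {
 engine_version = var.es_version
 
 vpc_options {
-subnet_ids = (length(var.cluster_subnet_ids.elasticsearch) > 0) ? tolist(var.cluster_subnet_ids.elasticsearch) : null
+subnet_ids = (length(var.cluster_subnet_ids.elasticsearch) > 0) ? tolist(var.cluster_subnet_ids.elasticsearch) : [element(tolist(data.aws_subnets.selected.ids), 0)]
 security_group_ids = [aws_security_group.elastic[0].id]
 }
 
@@ -116,9 +124,12 @@ resource "aws_opensearch_domain" "es_server" {
 aws_iam_service_linked_role.es,
 ]
 
-log_publishing_options {
-cloudwatch_log_group_arn = aws_cloudwatch_log_group.es_log_group.arn
-log_type = "ES_APPLICATION_LOGS"
+dynamic "log_publishing_options" {
+for_each = var.es_enable_cloudwatch_logs ? [true] : []
+content {
+cloudwatch_log_group_arn = aws_cloudwatch_log_group.es_log_group.arn
+log_type = "ES_APPLICATION_LOGS"
+}
 }
 
 advanced_security_options {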
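Review bot: Inside the new `dynamic "log_publishing_options"` block, `aws_cloudwatch_log_group.es_log_group.arn` is still referenced without an instance key, although the first hunk gives that resource a `count`. Terraform rejects attribute access on a counted resource unless a specific instance is named, so the line should read `cloudwatch_log_group_arn = aws_cloudwatch_log_group.es_log_group[0].arn`. Index 0 is safe here because the `content` block is only rendered when `var.es_enable_cloudwatch_logs` is true, which is the same condition that creates the log group. Separately, the `subnet_ids` fallback changes from `null` to `element(tolist(data.aws_subnets.selected.ids), 0)`, which the commit description does not mention and which fails if the lookup returns no subnets; it deserves a comment or its own commit. The `aws_opensearch_domain` resource starts and ends outside these hunks.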
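--- a/deployment/terraform/assets/variables.tf
+++ b/deployment/terraform/assets/variables.tf
@@ -56,6 +56,9 @@ variable "es_zone_awareness_enabled" {
 variable "es_zone_awarness_availability_zone_count" {
 }
 
+variable "es_enable_cloudwatch_logs" {
+}
+
 # Proxy server
 
 variable "proxy_instance_count" {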
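--- a/deployment/terraform/create.go
+++ b/deployment/terraform/create.go
@@ -186,14 +186,16 @@ func (t *Terraform) Create(initData bool) error {
 // policies: there can only be 10 such policies per region per account.
 // Check the docs for more information:
 // https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html
-if err = t.checkCloudWatchLogsPolicy(); err != nil {
-if err != ErrNotFound {
-return fmt.Errorf("failed to check CloudWatchLogs policy: %w", err)
-}
+if t.config.ElasticSearchSettings.EnableCloudwatchLogs {
+if err = t.checkCloudWatchLogsPolicy(); err != nil {
+if err != ErrNotFound {
+return fmt.Errorf("failed to check CloudWatchLogs policy: %w", err)
+}
 
-mlog.Info("No CloudWatchLogs policy found, creating a new one")
-if err := t.createCloudWatchLogsPolicy(); err != nil {
-return fmt.Errorf("failed creating CloudWatchLogs policy")
+mlog.Info("No CloudWatchLogs policy found, creating a new one")
+if err := t.createCloudWatchLogsPolicy(); err != nil {
+return fmt.Errorf("failed creating CloudWatchLogs policy")
+}
 }
 }
 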
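Review bot: The re-indented `return fmt.Errorf("failed creating CloudWatchLogs policy")` still discards the error returned by `createCloudWatchLogsPolicy`, so a permissions failure shows up with no cause attached. The commit exists because some credentials lack CloudWatch permissions, so the underlying AWS error is what tells an operator to set the new flag; wrap it as `return fmt.Errorf("failed creating CloudWatchLogs policy: %w", err)`. While the block is being touched, `err != ErrNotFound` would be more robust as `!errors.Is(err, ErrNotFound)` in case the helper ever wraps the sentinel, provided `errors` is imported in this file (not visible here). `Create` starts and ends outside the hunk.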
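--- a/deployment/terraform/utils.go
+++ b/deployment/terraform/utils.go
@@ -261,6 +261,7 @@ func (t *Terraform) getParams() []string {
 "-var", fmt.Sprintf("es_snapshot_repository=%s", t.config.ElasticSearchSettings.SnapshotRepository),
 "-var", fmt.Sprintf("es_zone_awareness_enabled=%t", t.config.ElasticSearchSettings.ZoneAwarenessEnabled),
 "-var", fmt.Sprintf("es_zone_awarness_availability_zone_count=%d", t.config.ElasticSearchSettings.ZoneAwarenessAZCount),
+"-var", fmt.Sprintf("es_enable_cloudwatch_logs=%t", t.config.ElasticSearchSettings.EnableCloudwatchLogs),
 "-var", fmt.Sprintf("proxy_instance_count=%d", t.config.ProxyInstanceCount),
 "-var", fmt.Sprintf("proxy_instance_type=%s", t.config.ProxyInstanceType),
 "-var", fmt.Sprintf("ssh_public_key=%s", t.config.SSHPublicKey),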
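--- a/docs/config/deployer.md
+++ b/docs/config/deployer.md
@@ -211,6 +211,14 @@ The number of availability zones to use for the Elasticsearch cluster. This sett
 
 Check the [documentation](https://aws.amazon.com/blogs/big-data/increase-availability-for-amazon-opensearch-service-by-deploying-in-three-availability-zones/).
 
+### EnableCloudwatchLogs
+
+*bool* (Default: `true`)
+
+Wheter to enable Cloudwatch logs for the Elasticsearch cluster.
+
+Check the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html).
+
 ## JobServerSettings
 
 ### InstanceCount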
