【Terraform】Terraform ~ AWS CloudWatch ~

■ Introduction

While troubleshooting the issue in

https://dk521123.hatenablog.com/entry/2023/05/14/122215

I learned how to send logs to AWS CloudWatch, so this is a memo.

Table of Contents

【1】Official documentation
 1) Resource: aws_cloudwatch_log_group
【2】Usage
【3】Samples
 1) For MSK Cluster
 2) For MSK Connector

【1】Official documentation

1) Resource: aws_cloudwatch_log_group

* Creates an AWS CloudWatch Log Group

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group

【2】Usage

[1] Define a log group with "Resource: aws_cloudwatch_log_group"
[2] Attach the log group from [1] to each AWS service resource, using that resource's own logging block (for example `logging_info` on `aws_msk_cluster`, `log_delivery` on `aws_mskconnect_connector`)

【3】Samples

1) For MSK Cluster
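The two steps above leave the log group with the defaults: no retention limit and encryption with an AWS-managed key. The following is an added example, not code from the original post, of step [1] done the way a security engineer would want it in a real account: the group gets a fixed retention period and is encrypted with a customer-managed KMS key whose key policy lets only the CloudWatch Logs service principal use the key, and only for this one log group ARN. The resource labels, the 90-day retention, the key description and the `local.log_group_name` value are assumptions for illustration; the log group is then attached to the service exactly as in step [2].

```hcl
# Added example (not from the original post): a CloudWatch log group with a
# retention limit and a customer-managed KMS key restricted to this group.
# Labels, retention value and the local name are assumptions for illustration.

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  # Must equal the name given to the log group below; it is baked into the key policy.
  log_group_name = "/aws/msk/cluster"
}

# Key policy: the account root keeps administrative rights; the CloudWatch Logs
# service may use the key only when the encryption context names this log group.
# (The Logs service sets kms:EncryptionContext:aws:logs:arn on every KMS call.)
data "aws_iam_policy_document" "logs_kms" {
  statement {
    sid       = "AccountAdmin"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  statement {
    sid    = "AllowCloudWatchLogsForThisGroup"
    effect = "Allow"
    actions = [
      "kms:Encrypt*",
      "kms:Decrypt*",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:Describe*",
    ]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values = [
        "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.log_group_name}",
      ]
    }
  }
}

resource "aws_kms_key" "logs" {
  description             = "CMK for MSK logs in CloudWatch" # assumption
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.logs_kms.json
}

resource "aws_cloudwatch_log_group" "msk_cluster" {
  name              = local.log_group_name
  retention_in_days = 90                   # assumption: choose to match your retention policy
  kms_key_id        = aws_kms_key.logs.arn # CloudWatch Logs needs the key ARN, not the key ID

  tags = {
    Environment = "dev"
    Application = "serviceA"
  }
}
```

Because `kms_key_id` references the key resource, Terraform creates the key (and therefore its policy) before the log group, which is required: associating a key whose policy does not grant the Logs service principal fails. The `ArnLike` condition is the part to keep; a key policy that grants `logs.<region>.amazonaws.com` without it lets the service use the key for any log group in the account.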

# AWS CloudWatch
resource "aws_cloudwatch_log_group" "demo_cloudwatch_log_for_msk_cluster" {
  name = "/aws/msk/cluster"
  # Valid values: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
  # 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0 (0 = never expire).
  # Without this argument the group keeps logs forever.
  retention_in_days = 7

  tags = {
    Environment = "dev"
    Application = "serviceA"
  }
}

# For the other resources referenced below (subnets, security group), see https://dk521123.hatenablog.com/entry/2023/05/14/122215

# MSK cluster
resource "aws_msk_cluster" "demo_msk_cluster" {
  cluster_name           = "demo-msk-cluster"
  kafka_version          = "2.7.1"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type = "kafka.m5.4xlarge"
    client_subnets = [
      aws_subnet.subnet_az1.id,
      aws_subnet.subnet_az2.id,
      aws_subnet.subnet_az3.id,
    ]
    storage_info {
      ebs_storage_info {
        provisioned_throughput {
          enabled           = true
          volume_throughput = 250
        }
        volume_size = 1000
      }
    }
    security_groups = [aws_security_group.demo_msk_sg.id]
  }

  # Override the provider's default timeouts (120m each for aws_msk_cluster)
  timeouts {
    create = "1h"
    update = "1h"
    delete = "1h"
  }

  # ★ Note this part ★
  # For logging
  # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#logging_info
  logging_info {
    # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#broker_logs
    broker_logs {
      # Broker logs go to the CloudWatch log group defined above
      cloudwatch_logs {
        enabled   = true
        log_group = aws_cloudwatch_log_group.demo_cloudwatch_log_for_msk_cluster.name
      }
      #firehose {
      #  enabled         = true
      #  delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
      #}
      #s3 {
      #  enabled = true
      #  bucket  = aws_s3_bucket.bucket.id
      #  prefix  = "logs/msk-cluster-"
      #}
    }
  }
}
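Once broker logs land in CloudWatch they are useful for more than manual troubleshooting. The following is an added example, not code from the original post, that turns the cluster's log group from the sample above into a detection source: a metric filter counts log events containing the term `ERROR` (assumption: MSK broker logs keep Kafka's log4j level token at the start of each line) and a metric alarm notifies an SNS topic when the count exceeds a threshold. The same pair of resources applies unchanged to the connector's worker log group in the next sample. The resource labels, metric namespace, threshold and topic name are assumptions for illustration; the filter references the `demo_cloudwatch_log_for_msk_cluster` log group defined in the sample.

```hcl
# Added example (not from the original post): metric filter + alarm on the
# broker log group from the sample above. Labels, namespace, threshold and the
# topic name are assumptions for illustration.

resource "aws_sns_topic" "msk_alerts" {
  name = "msk-broker-alerts" # assumption
}

resource "aws_cloudwatch_log_metric_filter" "msk_broker_errors" {
  name           = "msk-broker-error-lines"
  log_group_name = aws_cloudwatch_log_group.demo_cloudwatch_log_for_msk_cluster.name

  # Term pattern: matches any log event whose text contains the word ERROR.
  # Narrow it to the logger or message you care about once you know which
  # lines matter; a broad pattern is cheap to evaluate but noisy in the alarm.
  pattern = "ERROR"

  metric_transformation {
    name          = "BrokerErrorCount"
    namespace     = "Custom/MSK" # assumption
    value         = "1"
    default_value = "0" # publish 0 when nothing matched, so the alarm never starves for data
  }
}

resource "aws_cloudwatch_metric_alarm" "msk_broker_errors" {
  alarm_name          = "msk-broker-errors"
  alarm_description   = "ERROR lines in MSK broker logs exceeded the threshold"
  namespace           = "Custom/MSK"
  metric_name         = "BrokerErrorCount"
  statistic           = "Sum"
  period              = 300 # seconds
  evaluation_periods  = 1
  threshold           = 10 # assumption: tune to the cluster's baseline
  comparison_operator = "GreaterThanThreshold"
  treat_missing_data  = "notBreaching"
  alarm_actions       = [aws_sns_topic.msk_alerts.arn]
}
```

Metric filters only see events written after the filter is created, so apply it before you need the history; it does not backfill. `treat_missing_data = "notBreaching"` together with `default_value = "0"` keeps the alarm in `OK` during quiet periods instead of flapping to `INSUFFICIENT_DATA`.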

2) For MSK Connector

# AWS CloudWatch
resource "aws_cloudwatch_log_group" "demo_cloudwatch_log_for_msk_connector" {
  name = "/aws/msk/connector"
  # Valid values: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
  # 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0 (0 = never expire).
  retention_in_days = 7

  tags = {
    Environment = "dev"
    Application = "serviceA"
  }
}

# For the other resources referenced below (subnets, security group, custom plugin, IAM role), see https://dk521123.hatenablog.com/entry/2023/05/14/122215

resource "aws_mskconnect_connector" "demo_mskconnect_connector" {
  name = "demo-msk-connect"

  kafkaconnect_version = "2.7.1"

  capacity {
    autoscaling {
      mcu_count        = 1
      min_worker_count = 1
      max_worker_count = 2

      scale_in_policy {
        cpu_utilization_percentage = 20
      }

      scale_out_policy {
        cpu_utilization_percentage = 80
      }
    }
  }

  # Connector configuration (passed through to the Kafka Connect worker)
  connector_configuration = {
    "name" = "demo-msk-connect"
    "connector.class" = "com.github.jcustenborder.kafka.connect.simulator.SimulatorSinkConnector"
    "tasks.max"       = "3"
    "topics"          = "demo-topic"
  }

  kafka_cluster {
    apache_kafka_cluster {
      bootstrap_servers = aws_msk_cluster.demo_msk_cluster.bootstrap_brokers_tls

      vpc {
        security_groups = [aws_security_group.demo_msk_sg.id]
        # Same subnets as the cluster's broker nodes
        subnets = [aws_subnet.subnet_az1.id, aws_subnet.subnet_az2.id, aws_subnet.subnet_az3.id]
      }
    }
  }

  # Valid values: NONE | IAM
  # NONE means the connector does not authenticate to the brokers at all (the cluster
  # must allow unauthenticated access); use IAM outside of throwaway test setups.
  kafka_cluster_client_authentication {
    authentication_type = "NONE"
  }

  # https://docs.aws.amazon.com/ja_jp/MSKC/latest/mskc/API_KafkaClusterEncryptionInTransit.html
  # Valid Values: PLAINTEXT | TLS
  kafka_cluster_encryption_in_transit {
    encryption_type = "TLS"
  }

  plugin {
    custom_plugin {
      arn      = aws_mskconnect_custom_plugin.demo_msk_connect_custom_plugin.arn
      revision = aws_mskconnect_custom_plugin.demo_msk_connect_custom_plugin.latest_revision
    }
  }

  service_execution_role_arn = aws_iam_role.demo_msk_connector_service_execution_role.arn

  # Override the provider's default timeouts (for aws_mskconnect_connector: 20m create/update, 10m delete)
  timeouts {
    create = "1h"
    update = "1h"
    delete = "1h"
  }

  # ★ Note this part ★
  # For logging: Kafka Connect worker logs go to the CloudWatch log group defined above
  # See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mskconnect_connector#log_delivery  
  log_delivery {
    # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mskconnect_connector#cloudwatch_logs-configuration-block  
    worker_log_delivery {
       cloudwatch_logs {
         # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mskconnect_connector#cloudwatch_logs-configuration-block  
         enabled = true
         log_group = aws_cloudwatch_log_group.demo_cloudwatch_log_for_msk_connector.name
       }
    }
  }
}

Related articles

Terraform ~ Environment setup ~
https://dk521123.hatenablog.com/entry/2023/04/05/000224
Terraform ~ Introduction ~
https://dk521123.hatenablog.com/entry/2019/12/09/222057
Terraform ~ Basics ~
https://dk521123.hatenablog.com/entry/2023/05/03/000000
Terraform ~ AWS IAM ~
https://dk521123.hatenablog.com/entry/2023/04/12/214311
Terraform ~ AWS S3 ~
https://dk521123.hatenablog.com/entry/2023/04/09/104204
Terraform ~ AWS MSK ~
https://dk521123.hatenablog.com/entry/2023/05/14/122215