Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Core logging default tags #9517

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
+14 −3
Open

Core logging default tags #9517

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
b265a84
Core logging default tags
markgov Mar 11, 2025
8d67fad
tags update
markgov Mar 11, 2025
d8b852d
adding back the missing tag for athena s3
markgov Mar 11, 2025
78dec40
fixing S3 buckets missing tags
markgov Mar 11, 2025
d2da270
correcting plan failure
markgov Mar 11, 2025
bf412d2
fix2
markgov Mar 11, 2025
6274d33
Adding name tags to kms keys
markgov Mar 12, 2025
0d37bd9
reverted some of the locals back to original
markgov Mar 13, 2025
12f3b7f
Merge branch 'main' into feat/deafult-tagging
markgov Mar 13, 2025
b4bc48a
correcting providers error
markgov Mar 13, 2025
48a2e70
changing back to defaults on cortext
markgov Mar 13, 2025
9d11ef8
ssm changed
markgov Mar 13, 2025
4ce1545
amending tags for modules
markgov Mar 13, 2025
1ea76fe
update for r35
markgov Mar 13, 2025
6ca5244
obs changes
markgov Mar 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions terraform/environments/core-logging/providers.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,14 @@ provider "aws" {
assume_role {
role_arn = "arn:aws:iam::${local.environment_management.account_ids[terraform.workspace]}:role/ModernisationPlatformAccess"
}
default_tags { tags = local.tags }
}

# AWS provider for the Modernisation Platform, to get things from there if required
provider "aws" {
alias = "modernisation-platform"
region = "eu-west-2"
default_tags { tags = local.tags }
}

provider "aws" {
Expand All @@ -18,6 +20,7 @@ provider "aws" {
assume_role {
role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-logging-production"]}:role/ModernisationPlatformAccess"
}
default_tags { tags = local.tags }
}

# AWS provider for core-network-services to get the Transit Gateway attachment
Expand All @@ -27,4 +30,5 @@ provider "aws" {
assume_role {
role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/ModernisationPlatformAccess"
}
default_tags { tags = local.tags }
}
16 changes: 8 additions & 8 deletions terraform/environments/core-logging/r53_logs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,19 @@ locals {
resource "aws_route53_resolver_query_log_config" "s3" {
name = format("%s-rlq-s3", local.application_name)
destination_arn = aws_s3_bucket.logging["r53-resolver-logs"].arn
tags = local.tags
tags = {}
}

resource "aws_route53_resolver_query_log_config" "cloudwatch" {
name = format("%s-rlq-cloudwatch", local.application_name)
destination_arn = aws_cloudwatch_log_group.r53_resolver_logs.arn
tags = local.tags
tags = {}
}

resource "aws_ram_resource_share" "resolver_query_share" {
allow_external_principals = false
name = format("%s-resolver-log-query-share", local.application_name)
tags = local.tags
tags = {}
}

resource "aws_ram_resource_association" "resolver_query_share" {
Expand All @@ -38,15 +38,15 @@ resource "aws_cloudwatch_log_group" "r53_resolver_logs" {
kms_key_id = aws_kms_key.r53_resolver_logs.arn
name_prefix = "r53-resolver-logs"
retention_in_days = 365
tags = local.tags
tags = {}
}

resource "aws_kms_key" "r53_resolver_logs" {
description = "KMS key used to encrypt R53 Resolver Logs CloudWatch log group"
enable_key_rotation = true
multi_region = true
policy = data.aws_iam_policy_document.r53_resolver_logs_kms.json
tags = local.tags
tags = {}
}

data "aws_iam_policy_document" "r53_resolver_logs_kms" {
Expand Down Expand Up @@ -113,20 +113,20 @@ resource "aws_cloudwatch_metric_alarm" "r53_dns_firewall_alarm" {
statistic = "Sum"
threshold = "1"
alarm_actions = [aws_sns_topic.r53_dns_firewall.arn]
tags = local.tags
tags = {}
}

resource "aws_sns_topic" "r53_dns_firewall" {
name = "r53-dns-firewall-sns-topic"
kms_master_key_id = aws_kms_key.r53_dns_firewall.key_id
tags = local.tags
tags = {}
}

resource "aws_kms_key" "r53_dns_firewall" {
description = "KMS key for DNS Firewall SNS Topic Encryption"
enable_key_rotation = true
policy = data.aws_iam_policy_document.r53_dns_firewall_kms_policy.json
tags = local.tags
tags = {}
}

resource "aws_kms_alias" "r53_dns_firewall" {
Expand Down
4 changes: 2 additions & 2 deletions terraform/environments/core-logging/s3_logging.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ module "s3-bucket-cloudtrail" {
}
]
log_bucket = module.s3-bucket-cloudtrail-logging.bucket.id
tags = local.tags
tags = {}
}
# Allow access to the bucket from the MoJ root account
# Policy extrapolated from:
Expand Down Expand Up @@ -344,5 +344,5 @@ module "s3-bucket-cloudtrail-logging" {
}
]

tags = local.tags
tags = {}
}
Loading