v1.7.0

feat(log-forwarder): enable cache bucket for failed log events and dd tags @kevcube (#85)

what

Creates a bucket for storing Datadog Lambda tag cache (I'm not sure what this actually is) and storing log events which the lambda failed to post to DD.

See info here and here

why

We upgraded our lambda to the latest version published by DD and were receiving errors because DD_S3_BUCKET was unset, I investigated this functionality and implemented it in this module.

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#84)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#83)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#82)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#81)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#77)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Bump golang.org/x/net from 0.8.0 to 0.17.0 in /test/src @dependabot (#74)

Bumps golang.org/x/net from 0.8.0 to 0.17.0.

Commits

• b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
• 88194ad go.mod: update golang.org/x dependencies
• 2b60a61 quic: fix several bugs in flow control accounting
• 73d82ef quic: handle DATA_BLOCKED frames
• 5d5a036 quic: handle streams moving from the data queue to the meta queue
• 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
• 21814e7 quic: validate connection id transport parameters
• a600b35 quic: avoid redundant MAX_DATA updates
• ea63359 http2: check stream body is present on read timeout
• ddd8598 quic: version negotiation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

v1.6.1

allow full ARN for API key SSM param identifier @natw (#76)

what

This expands the validation rules for the dd_api_key_source variable to allow you to provide the full ARN for a SSM parameter.

why

In the case where the parameter in question is shared from another account (via RAM), it has to be referenced using the full ARN.

references

https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#accessing

🤖 Automatic Updates

Add GitHub Settings @osterman (#71)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#69)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v1.6.0

fix: drop statement_id. Low value and has issues @dudymas (#64)

what

• remove the statement_id from the aws_lambda_permission resource for
  buckets

why

• statement_id breaks when valid buckets are specified. The two have entirely
  different requirements for what is syntactically valid
• statement_id is intended for organizing many documents. Since the
  permission is simple and its intent direct... the parameter is unneeded
• The alternative, to devise a way to correct valid bucket names, is more
  logic to maintain and could end up breaking again in the future.

references

• statement_id
• SweetOps thread (Public slack)

v1.5.3

🐛 Bug Fixes

Make sure log groups are created before and deleted after lambdas @Nuru (#63)

what

• Make sure log groups are created before and deleted after lambdas
• Update terraform cloudposse/module-artifact/external to v0.8.0
• Update tests

why

• AWS will create a log group if needed, and if it does, it will clash with the one this module is trying to manage. Ensure that AWS never needs to create a log group by making sure this module creates one before creating the lambda and does not delete it until after the lambda is removed.
• Keep current
• Fix broken tests

references

• Supersedes and closes #52
• Incorporates #56, Supersedes and closes #62

v1.5.2

Add custom lambda policy name @woz5999 (#59)

what

Allow specifying a custom name for the lambda custom policy document

why

It's not possible to use multiple instances of this module in the same account. For example, we use a different forwarder for cloudtrail vs flow flogs.

references

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#61)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v1.5.1

🚀 Enhancements

Remove data source validation of CloudWatch groups @bendrucker (#28)

What

• Removes the use of data "aws_cloudwatch_log_group" to assert the existence of provided CloudWatch groups

Why

• It prevents callers from passing in a group name directly from aws_cloudwatch_log_group, in cases where the log group is being created
• Since the name attribute is generally known via configuration (statically defined), the data source attempts to read the group at plan time, but it may not exist yet.

References

• This was added in #21. Any "plan time validation" via data sources must rely on computed attributes that cannot be known until the resource exists, i.e. a randomly generated ID. In this case, Terraform will defer the data source read until apply time because of the unknown attribute.

v1.5.0

Fix logic when `enabled = false`. Update tests. Update module versions and GitHub workflows @aknysh (#53)

what

• Fix logic when enabled = false
• Update tests
• Update module versions and GitHub workflows

why

• When enabled is set to false, the Terraform coalesce function gets two parameters that are either null or an empty string, and throws an error. Wrapping the coalesce function in a try function solved the issues when the module is disabled
• Update terratests to the latest patterns. Add a test for a disabled module
• Keep up to date

Sync github @max-lobur (#54)

Rebuild github dir from the template

v1.4.0

• No changes

v1.3.1

🚀 Enhancements

Fix Darwin_arm64 template @kevcube (#51)

what

• use cloudposse release of template provider
• fixed in https://github.com/cloudposse/terraform-external-module-artifact/releases/tag/0.7.2

why

references

v1.3.0

feat: add functionality to forward Cloudwatch Events @kevcube (#48)

what

• Enables forwarding of CloudWatch Events to Datadog Logs
• Uses Cloudposse Cloudwatch Events module
• Upgrades tf to >=1.3.0 to enable optionals

why

• Enables us to get GuardDuty events into DD Logs